Vulnerabilities > CVE-2021-24792 - Unspecified vulnerability in Wpeden Shiny Buttons 1.1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |