Vulnerabilities > CVE-2024-12560 - Unspecified vulnerability in Bplugins Button Block

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bplugins

NVD

Published: 2024-12-19

Updated: 2025-02-24

Summary

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.

Vulnerable Configurations

Part	Description	Count
Application	Bplugins Bplugins Button Block 1.0.0 Bplugins Button Block 1.0.1 Bplugins Button Block 1.0.2 Bplugins Button Block 1.0.3 Bplugins Button Block 1.0.4 Bplugins Button Block 1.0.5 Bplugins Button Block 1.0.6 Bplugins Button Block 1.0.7 Bplugins Button Block 1.0.8 Bplugins Button Block 1.0.9 Bplugins Button Block 1.1.0 Bplugins Button Block 1.1.1	12

Summary

Vulnerable Configurations

References