Vulnerabilities > Wpeden

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-13	CVE-2021-24792	Cross-site Scripting vulnerability in Wpeden Shiny Buttons The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues. network wpeden CWE-79	4.3

Vulnerabilities > Wpeden {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wpeden"}]}