WordPress Plugin Vulnerabilities

Button Generator – easily Button Builder < 2.3.6 - Cross-Site Request Forgery

Description

The plugin does not adequately verify requests use nonces, making it susceptible to Cross-Site Request Forgery (CSRF) attacks.

Affects Plugins

Plugin icon
button-generation
Fixed in 2.3.6

References

CVE
CVE-2023-25443
URL
https://patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-plugin-2-3-5-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
ab76eb74-29e0-42b7-9a71-443fb493871f

Timeline

Publicly Published
2023-05-25 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2024-10-15
Title
Post From Frontend <= 1.0.0 - Post Deletion via CSRF
Published
2023-10-18
Title
Open Graph Metabox <= 1.4.4 - CSRF
Published
2025-03-27
Title
Currency Switcher for WooCommerce < 0.0.8 - Cross-Site Request Forgery
Published
2023-11-07
Title
ProfileGrid < 5.7.2 - Cross-Site Request Forgery
Published
2023-02-27
Title
Read More Excerpt Link < 1.6.1 - Settings Update via CSRF