6.5
CVE-2024-12560
- EPSS 0.57%
- Veröffentlicht 19.12.2024 07:15:13
- Zuletzt bearbeitet 24.02.2025 16:02:11
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginButton Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.
Mögliche Gegenmaßnahme
Button Block – Design Stylish, Interactive, and Multi-Functional Buttons: Update to version 1.1.6, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Button Block – Design Stylish, Interactive, and Multi-Functional Buttons
Version
*-1.1.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bplugins ≫ Button Block SwPlatformwordpress Version < 1.1.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.679 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.