Wow-company

Button Generator

7 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-24713

  • EPSS 0.03%
  • Published 24.01.2025 18:15:44
  • Last modified 24.01.2025 18:15:44

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through 3.1.1.

5.3

CVE-2023-49154

  • EPSS 0.25%
  • Published 09.12.2024 13:15:34
  • Last modified 09.12.2024 13:15:34

Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8.

3.4

CVE-2024-3471

Exploit
  • EPSS 0.11%
  • Published 02.05.2024 06:15:50
  • Last modified 08.05.2025 18:45:13

The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack

8.8

CVE-2023-49155

  • EPSS 0.08%
  • Published 18.12.2023 23:15:08
  • Last modified 21.11.2024 08:32:56

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8.

6.5

CVE-2023-25443

  • EPSS 0.06%
  • Published 11.07.2023 13:15:09
  • Last modified 21.11.2024 07:49:31

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.

6.1

CVE-2023-2362

Exploit
  • EPSS 0.12%
  • Published 12.06.2023 18:15:09
  • Last modified 05.05.2025 16:15:35

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button Word...

8.8

CVE-2021-25052

Exploit
  • EPSS 26.37%
  • Published 10.01.2022 16:15:09
  • Last modified 21.11.2024 05:54:15

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.