cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-24792,https://securityvulnerability.io/vulnerability/CVE-2021-24792,Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting,"The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues.",Wordpress,Shiny Buttons – Css3 Button Generator For WordPress,6.1,MEDIUM,0.0014100000262260437,false,,false,false,false,,false,false,2021-12-13T10:40:55.000Z,0