Medium severity6.1NVD Advisory· Published Dec 13, 2021· Updated Jun 17, 2026
CVE-2021-24792
CVE-2021-24792
Description
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Shiny Buttonsdescription
- Range: <=1.1.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/29514d8e-9d1c-4fb6-b378-f6b7374989canvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.