Unrated severityNVD Advisory· Published Nov 21, 2024· Updated Apr 8, 2026
Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure
CVE-2024-10671
Description
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=1.1.4
- bplugins/Button Block – Design Stylish, Interactive, and Multi-Functional Buttonsv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.