Unrated severityNVD Advisory· Published Dec 19, 2024· Updated Apr 8, 2026
Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication
CVE-2024-12560
Description
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=1.1.5
- bplugins/Button Block – Design Stylish, Interactive, and Multi-Functional Buttonsv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.