VYPR
Medium severity 5.4 · NVD Advisory · Published Jan 24, 2025 · Updated Apr 23, 2026

CVE-2025-24713

Description

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through <= 3.1.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CSRF vulnerability in WordPress Button Generator plugin up to 3.1.1 allows attackers to force privileged users to execute unintended actions.

Vulnerability Overview

The Button Generator – easily Button Builder plugin for WordPress, versions up to and including 3.1.1, is vulnerable to Cross-Site Request Forgery (CSRF). This flaw allows an attacker to trick a logged-in administrator into performing unwanted actions, such as modifying plugin settings or creating malicious buttons, without their consent [1].

Exploitation Details

CSRF exploitation requires user interaction: an administrator must click a crafted link or visit a malicious page while authenticated to WordPress. The attacker does not need any special privileges beyond crafting a deceptive request; the administrator's session is used to execute the forged request [1].

Impact

Successful exploitation could lead to unauthorized changes in the plugin's configuration, potentially causing website defacement or redirecting users. The vendor rates this vulnerability as low severity; mass exploitation may be unlikely, but exploitation in targeted campaigns is possible [1].

Mitigation

The vulnerability is patched in version 3.1.2. Users are strongly advised to update immediately. Plugin auto-updates can be enabled for Patchstack users as a proactive measure [1].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

1