← Back

CVE-2024-12560

nvd nist
Published: Dec 19, 2024Modified: Feb 28, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.

Affected (1)

Bplugins
1 product
Button Block
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Button Block
Before 1.1.6

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

Source: security@wordfence.com
Patch
Source: security@wordfence.com
Third Party Advisory

Timeline

No history available yet.