Lucene search
China National Vulnerability DatabaseCNVD-2022-21731HistoryJan 14, 2022 - 12:00 a.m.
WordPress Button Generator Plugin File Inclusion Vulnerability
2022-01-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
wordpress
file inclusion
vulnerability
php
remote file resources
admin menu
arbitrary code
exploit
EPSS
0.018
Percentile
88.3%
WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The WordPress Button Generator Plugin has a file inclusion vulnerability prior to 2.3.3. The vulnerability stems from the fact that the plugin does not effectively filter calls to remote file resources in the wowcompany admin menu page, which can be exploited to include arbitrary files with PHP extensions to execute arbitrary code.
Related
cvelist
cvelist
CVE-2021-25052 Button Generator < 2.3.3 - RFI leading to RCE via CSRF
2022-01-10 15:30:36
wpvulndb
wpvulndb
Button Generator < 2.3.3 - RFI leading to RCE via CSRF
2021-12-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-01-10 16:15:00
wpexploit
wpexploit
Button Generator < 2.3.3 - RFI leading to RCE via CSRF
2021-12-05 00:00:00
patchstack
patchstack
nuclei
nuclei
WordPress Button Generator <2.3.3 - Remote File Inclusion
2022-02-08 01:07:19
cve
cve
CVE-2021-25052
2022-01-10 16:15:09
nvd
nvd
CVE-2021-25052
2022-01-10 16:15:09