CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32579 – WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-32579
11 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin <= 2.1.2 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Designs & Code Forget About Shortcode Buttons en versiones <= 2.1.2. The Forget About Shortcode Buttons plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the fasc_buttons function in versions up to, and including, 2.1.2. This makes it possible for aut... • https://patchstack.com/database/vulnerability/forget-about-shortcode-buttons/wordpress-forget-about-shortcode-buttons-plugin-2-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2016-1000133 – Forget About Shortcode Buttons <= 1.1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-1000133
29 Feb 2016 — Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 XSS reflejado en el plugin de wordpress forget-about-shortcode-buttons v1.1.1 The Forget About Shortcode Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ajax_url’ variable in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfull... • http://www.securityfocus.com/bid/93869 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •