cleantalk
Vulnerabilities and Security Researches

Button Block – Get fully customizable & multi-functional buttons, CVE-2024-10671

CVE, Research URL

CVE-2024-10671

Home page URL

Security reports for Button Block – Get fully customizable & multi-functional buttons

Application

Button Block – Get fully customizable & multi-functional buttons

Published on
Nov 21, 2024
Research Description
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
Affected versions
Min -, max 1.1.5.
Status
vulnerable
Previous vulnerability researches
Button Block – Get fully customizable & multi-functional buttons (CVE-2024-10671) , Nov 21, 2024
Button Block – Get fully customizable & multi-functional buttons (CVE-2025-54694) , Aug 06, 2025
Button Block – Get fully customizable & multi-functional buttons (CVE-2025-22815) , Jan 11, 2025
Button Block – Get fully customizable & multi-functional buttons (CVE-2024-12560) , Dec 20, 2024
Button Block – Get fully customizable & multi-functional buttons (CVE-2025-22787) , Jan 17, 2025
New vulnerability
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! , Aug 08, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-7727) , Aug 07, 2025
Flex Guten – A Multipurpose Gutenberg Blocks Plugin (CVE-2025-6256) , Aug 07, 2025
Simple File List (CVE-2025-54021) , Aug 07, 2025
Newsletters (CVE-2025-54034) , Aug 07, 2025