cleantalk
Vulnerabilities and Security Researches

Button Block – Get fully customizable & multi-functional buttons, CVE-2024-12560

CVE, Research URL

CVE-2024-12560

Home page URL

Security reports for Button Block – Get fully customizable & multi-functional buttons

Application

Button Block – Get fully customizable & multi-functional buttons

Published on
Dec 19, 2024
Research Description
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.
Affected versions
Min -, max 1.1.6.
Status
vulnerable
Previous vulnerability researches
Button Block – Get fully customizable & multi-functional buttons (CVE-2024-10671) , Nov 21, 2024
Button Block – Get fully customizable & multi-functional buttons (CVE-2025-54694) , Aug 06, 2025
Button Block – Get fully customizable & multi-functional buttons (CVE-2025-22815) , Jan 11, 2025
Button Block – Get fully customizable & multi-functional buttons (CVE-2024-12560) , Dec 20, 2024
Button Block – Get fully customizable & multi-functional buttons (CVE-2025-22787) , Jan 17, 2025
New vulnerability
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! , Aug 08, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-7727) , Aug 07, 2025
Flex Guten – A Multipurpose Gutenberg Blocks Plugin (CVE-2025-6256) , Aug 07, 2025
Simple File List (CVE-2025-54021) , Aug 07, 2025
Newsletters (CVE-2025-54034) , Aug 07, 2025