CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-25052

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.264

EPSS Ranking 96.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 5.1

References

Products affected by CVE-2021-25052

Wow-Company » Button Generator » Version: N/A

cpe:2.3:a:wow-company:button_generator:-
Wow-Company » Button Generator » Version: 1.0

cpe:2.3:a:wow-company:button_generator:1.0
Wow-Company » Button Generator » Version: 2.0

cpe:2.3:a:wow-company:button_generator:2.0
Wow-Company » Button Generator » Version: 2.1

cpe:2.3:a:wow-company:button_generator:2.1
Wow-Company » Button Generator » Version: 2.2

cpe:2.3:a:wow-company:button_generator:2.2
Wow-Company » Button Generator » Version: 2.3

cpe:2.3:a:wow-company:button_generator:2.3
Wow-Company » Button Generator » Version: 2.3.1

cpe:2.3:a:wow-company:button_generator:2.3.1
Wow-Company » Button Generator » Version: 2.3.2

cpe:2.3:a:wow-company:button_generator:2.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-25052

Products

Pricing

Contact Us