CVE-2021-25052 Scanner
CVE-2021-25052 scanner - Cross-Site Request Forgery (CSRF) vulnerability in Button Generator plugin for WordPress
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
The Button Generator WordPress plugin adds an admin menu page that lets website owners generate customizable buttons for various purposes. These buttons can redirect users to other pages or perform specific actions on the website. In just a few clicks, users can generate buttons with text, colors, links, and more.
However, versions of the Button Generator WordPress plugin before 2.3.3 were found to have a serious vulnerability, tracked as CVE-2021-25052. The plugin can be made to include arbitrary files with PHP extensions, as well as data:// or http:// resources, and because this can be triggered through cross-site request forgery (CSRF), it leads to remote code execution (RCE). As a result, attackers can execute code remotely on the victim's server, granting them complete control over the website and the underlying server.
When exploited, this vulnerability can lead to disastrous consequences for website owners. Attackers can gain access to sensitive information stored in the server and use it for malicious purposes, such as stealing confidential data or infecting the website with malware. They could also bypass any authentication mechanisms, add malicious content, deface the website, or use it to conduct attacks on other systems.
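The flaw class described above, a request-chosen file passed to include() on an admin page that does not verify where the request came from, shown next to a hardened handler as an added example for plugin developers. This is hypothetical WordPress code written for this page, not Button Generator's source; the `example_tab` parameter, the `example_admin` page slug, the function names and the tab file names are assumptions.

```php
<?php
// Added illustration: hypothetical admin page handler, not Button Generator's code.
// 'example_tab', 'example_admin' and the tab file names are assumed for the example.

// Vulnerable pattern: the request chooses the file to include, and nothing
// proves the request came from the administrator's own navigation.
//   include $_GET['example_tab'] . '.php';

// Hardened form: fixed allowlist, capability check, and a nonce on the link.
const EXAMPLE_TABS = array(
    'list'     => 'tabs/list.php',
    'settings' => 'tabs/settings.php',
);

function example_render_admin_page() {
    // Only administrators may render this page at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    $tab = 'list'; // The default tab is not request-controlled, so it needs no nonce.
    if ( isset( $_GET['example_tab'] ) ) {
        // Rejects forged cross-site requests: the link must carry a nonce
        // minted for this user and this action (dies if missing or invalid).
        check_admin_referer( 'example_switch_tab', '_wpnonce' );
        $tab = sanitize_key( wp_unslash( $_GET['example_tab'] ) );
    }

    // The request value is only a lookup key and never becomes part of a path,
    // so data://, http:// and ../ values simply fail the lookup.
    if ( ! array_key_exists( $tab, EXAMPLE_TABS ) ) {
        wp_die( 'Unknown tab.', '', array( 'response' => 400 ) );
    }
    require plugin_dir_path( __FILE__ ) . EXAMPLE_TABS[ $tab ];
}

// Build tab links with the matching nonce so legitimate navigation still works.
function example_tab_url( $tab ) {
    $url = add_query_arg(
        array( 'page' => 'example_admin', 'example_tab' => $tab ),
        admin_url( 'admin.php' )
    );
    return wp_nonce_url( $url, 'example_switch_tab' );
}
```

Keeping PHP's `allow_url_include` setting disabled adds a second layer against http:// and data:// includes, independent of the plugin code.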
At s4e.io, we offer pro features that can help website owners quickly and easily identify vulnerabilities in their digital assets. Our platform offers comprehensive security scans, automated vulnerability assessments, and real-time alerts to ensure that website owners can mitigate any threats before they cause harm. Stay safe and secure, and let s4e.io help you keep your website protected.