"product_name":"Shiny Buttons – CSS3 Button Generator for WordPress",
"version":{
"version_data":[
{
"version_affected":"<=",
"version_name":"1.1.0",
"version_value":"1.1.0"
}
]
}
}
]
}
}
]
}
},
"description":{
"description_data":[
{
"lang":"eng",
"value":"The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues."
