WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Button Generation safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Button Generation WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: button-generation
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.3 [CVE-2021-25052, WordPress Button Generator – easily Button Builder plugin <= 2.3.2 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability, Button Generator &lt; 2.3.3 - RFI leading to RCE via CSRF, Button Generator – easily Button Builder <= 2.3.2 - Cross-Site Request Forgery]
  • Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.4 [CVE-2023-27452, Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting, WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS), Button Generator - easily Button Builder &lt; 2.3.4 - Admin+ Stored XSS]
  • Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.6 [CVE-2023-25443, WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF), Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php, Button Generator &ndash; easily Button Builder &lt; 2.3.6 - Cross-Site Request Forgery]
  • Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.5 [CVE-2023-2362, Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter, Multiple Plugins from Wow-Company - Reflected XSS]
  • Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.9 [CVE-2023-49155, WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF), Button Generator – easily Button Builder <= 2.3.8 - Cross-Site Request Forgery, Button Generator &ndash; easily Button Builder &lt;= 2.3.8 - Cross-Site Request Forgery]
+ 3 more known vulnerabilities
  • Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.9 [CVE-2023-49154, WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Broken Access Control, Button Generator – easily Button Builder <= 2.3.8 - Missing Authorization, Button Generator &ndash; easily Button Builder &lt;= 2.3.8 - Missing Authorization]
  • Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 3.0 [CVE-2024-3471, WordPress Button Generator – easily Button Builder Plugin < 3.0 is vulnerable to Cross Site Request Forgery (CSRF), Button Generator – easily Button Builder <= 2.3.9 - Cross-Site Request Forgery]
  • Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 3.1.2 [CVE-2025-24713, WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF), Button Generator – easily Button Builder <= 3.1.1 - Cross-Site Request Forgery, EUVD-2025-3905]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.