PLUGIN SECURITY
Is Button Generation safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Button Generation WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
button-generation - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.3 [CVE-2021-25052, WordPress Button Generator – easily Button Builder plugin <= 2.3.2 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability, Button Generator < 2.3.3 - RFI leading to RCE via CSRF, Button Generator – easily Button Builder <= 2.3.2 - Cross-Site Request Forgery]
- Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.4 [CVE-2023-27452, Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting, WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS), Button Generator - easily Button Builder < 2.3.4 - Admin+ Stored XSS]
- Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.6 [CVE-2023-25443, WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF), Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php, Button Generator – easily Button Builder < 2.3.6 - Cross-Site Request Forgery]
- Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.5 [CVE-2023-2362, Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter, Multiple Plugins from Wow-Company - Reflected XSS]
- Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.9 [CVE-2023-49155, WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF), Button Generator – easily Button Builder <= 2.3.8 - Cross-Site Request Forgery, Button Generator – easily Button Builder <= 2.3.8 - Cross-Site Request Forgery]
+ 3 more known vulnerabilities
- Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 2.3.9 [CVE-2023-49154, WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Broken Access Control, Button Generator – easily Button Builder <= 2.3.8 - Missing Authorization, Button Generator – easily Button Builder <= 2.3.8 - Missing Authorization]
- Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 3.0 [CVE-2024-3471, WordPress Button Generator – easily Button Builder Plugin < 3.0 is vulnerable to Cross Site Request Forgery (CSRF), Button Generator – easily Button Builder <= 2.3.9 - Cross-Site Request Forgery]
- Button Generator – Easily Create Custom Buttons with Icons and Analytics [button-generation] < 3.1.2 [CVE-2025-24713, WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF), Button Generator – easily Button Builder <= 3.1.1 - Cross-Site Request Forgery, EUVD-2025-3905]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Call Now Button – The #1 Click to Call Button for WordPress — 200000+ active installs — max PHP 8.4
- WP Edit — 40000+ active installs — max PHP 8.4
- WP Call Button – Easy Click to Call Button for WordPress — 40000+ active installs — max PHP 8.4
- Sticky Side Buttons — 10000+ active installs
- WP Shortcode by MyThemeShop — 10000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.