CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2024-3471 – Button Generator < 3.0 - Button Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-3471
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack El complemento Button Generator de WordPress anterior a 3.0 no tiene activada la verificación CSRF durante la eliminación masiva, lo que podría permitir a los atacantes crear botones de eliminación de un administrador que haya iniciado sesión a través de un ataque CSRF. The Button Generator – easily Button Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the button-generation function. This makes it possible for unauthenticated attackers to delete buttons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://github.com/aelmokhtar/CVE-2024-34716_PoC https://wpscan.com/vulnerability/a3c282fb-81b8-48bf-8c18-8366ea8ad9af • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3472 – Modal Window < 5.3.10 - Modal Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-3472
The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack El complemento Modal Window de WordPress anterior a 5.3.10 no tiene activada la verificación CSRF cuando se eliminan modales de forma masiva, lo que podría permitir a los atacantes hacer que un administrador que haya iniciado sesión los elimine mediante un ataque CSRF. The Modal Window – create popup modal window plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3.9. This is due to missing or incorrect nonce validation on the modal-window page. This makes it possible for unauthenticated attackers to delete modals in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/d42f74dd-520f-40aa-9cf0-3544db9562c7 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3476 – Side Menu Lite < 4.2.1 - Menu Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-3476
The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks El complemento Side Menu Lite de WordPress anterior a 4.2.1 no tiene comprobaciones CSRF en algunas acciones masivas, lo que podría permitir a los atacantes hacer que los administradores que han iniciado sesión realicen acciones no deseadas, como eliminar botones mediante ataques CSRF. The Side Menu Lite – add sticky fixed buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the side-menu-lite function. This makes it possible for unauthenticated attackers to delete items in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/46f74493-9082-48b2-90bc-2c1d1db64ccd • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3475 – Sticky Buttons < 3.2.4 - Button Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-3475
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks El complemento Sticky Buttons de WordPress anterior a 3.2.4 no tiene comprobaciones CSRF en algunas acciones masivas, lo que podría permitir a los atacantes hacer que los administradores registrados realicen acciones no deseadas, como eliminar botones mediante ataques CSRF. The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing or incorrect nonce validation on the sticky-buttons page. This makes it possible for unauthenticated attackers to delete buttons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/bf540242-5306-4c94-ad50-782d0d5b127f • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3474 – Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-3474
The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks El complemento Wow Skype Buttons de WordPress anterior a 4.0.4 no tiene comprobaciones CSRF en algunas acciones masivas, lo que podría permitir a los atacantes hacer que los administradores que han iniciado sesión realicen acciones no deseadas, como eliminar botones mediante ataques CSRF. The Wow Skype Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.3. This is due to missing or incorrect nonce validation on the mwp-skype page. This makes it possible for unauthenticated attackers to delete buttons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/e5c3e145-6738-4d85-8507-43ca1b1d5877 • CWE-352: Cross-Site Request Forgery (CSRF) •