1 results (0.001 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

CVE-2024-3471 – Button Generator < 3.0 - Button Deletion via CSRF

https://notcve.org/view.php?id=CVE-2024-3471

The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack El complemento Button Generator de WordPress anterior a 3.0 no tiene activada la verificación CSRF durante la eliminación masiva, lo que podría permitir a los atacantes crear botones de eliminación de un administrador que haya iniciado sesión a través de un ataque CSRF. The Button Generator – easily Button Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the button-generation function. This makes it possible for unauthenticated attackers to delete buttons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://github.com/aelmokhtar/CVE-2024-34716_PoC https://wpscan.com/vulnerability/a3c282fb-81b8-48bf-8c18-8366ea8ad9af • CWE-352: Cross-Site Request Forgery (CSRF) •