CVE-2024-3474 Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF

2024-05-0206:00:02

WPScan

www.cve.org

skype buttons

csrf

wordpress plugin

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Wow Skype Buttons",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.0.4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/e5c3e145-6738-4d85-8507-43ca1b1d5877/