CVE-2024-3476 Side Menu Lite < 4.2.1 - Menu Deletion via CSRF

2024-05-0206:00:03

WPScan

www.cve.org

cve-2024-3476

wordpress

csrf

menu deletion

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Side Menu Lite ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.2.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/46f74493-9082-48b2-90bc-2c1d1db64ccd/