6 matches found
CVE-2024-3475
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-3475
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-3475 Sticky Buttons < 3.2.4 - Button Deletion via CSRF
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-3475
The CVE-2024-3475 issue concerns the Sticky Buttons WordPress plugin. Connected sources confirm that versions prior to 3.2.4 ship with missing CSRF checks on certain bulk actions, enabling an attacker with admin privileges to cause logged-in admins to perform unwanted actions (e.g., deleting butt...
CVE-2024-3475 Sticky Buttons < 3.2.4 - Button Deletion via CSRF
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
WordPress Sticky Buttons Plugin < 3.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Sticky Buttons Type Plugin Vulnerable versions 3.2.4 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3475 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID c9f456e279d5 Credits Bob Matyas Required...