WordPress Floating Social Buttons plugin <= 1.5 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Yoshihito Kamata in WordPress Plugin Floating Social Buttons versions = 1.5...

CVE-2024-6405 Floating Social Buttons <= 1.5 - Cross-Site Request Forgery

The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floatingsocialbuttonsoption function. This makes it possible for unauthenticated attackers to update...

WordPress plugin Floating Social Buttons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2024-37599 · WordPress · Floating Social Buttons

Name of the Vulnerable Software and Affected Versions: Floating Social Buttons plugin for WordPress versions up to, and including, 1.5 Description: The issue is due to missing or incorrect nonce validation on the floating social buttons option function, making it possible for unauthenticated...