WordPress Modal Window plugin < 5.3.10 - Modal Deletion via CSRF vulnerability
Modal Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Modal Window versions < 5.3.10...
CVE-2024-3472
The Modal Window WordPress plugin before 5.3.10 does not have a CSRF check in place when bulk deleting modals, which could allow attackers to make a logged-in admin delete them via a CSRF attack...
CVE-2024-3472
CVE-2024-3472 affects the WordPress Modal Window plugin prior to version 5.3.10. It lacks CSRF protection for bulk deletion of modals, enabling CSRF-based admin actions. Red Hat and Patchstack entries corroborate the issue and list the fix as updating to 5.3.10. Remediation: upgrade to 5.3.10 or ...
WordPress Modal Window Plugin < 5.3.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Modal Window; Type: Plugin; Vulnerable versions: < 5.3.10; Fixed in: 5.3.10; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3472; Patch priority: Low; CVSS severity: Low (5.4); PSID: 9d7096a40943; Credits: Bob Matyas; Required...
WordPress plugin Modal Window Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-26133 · WordPress · Modal Window
Name of the Vulnerable Software and Affected Versions: The Modal Window WordPress plugin versions prior to 5.3.10 Description: The issue is related to the lack of a CSRF check when bulk deleting modals, which could allow attackers to make a logged-in admin delete them via a CSRF attack...
Modal Window < 5.3.10 - Modal Deletion via CSRF
Description: The plugin does not have a CSRF check in place when bulk deleting modals, which could allow attackers to make a logged-in admin delete them via a CSRF attack. PoC: Have a logged-in admin open an HTML file containing where ID is an existing modal: action...
Modal Window < 5.3.10 - Modal Deletion via CSRF
Description: The plugin does not have a CSRF check in place when bulk deleting modals, which could allow attackers to make a logged-in admin delete them via a CSRF attack. Have a logged-in admin open an HTML file containing where ID is an existing modal: action...
CVE-2024-2457
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2457
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2457
The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Plugin Modal Window Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-20459 · WordPress · Modal Window
Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 5.3.8 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, allowing authenticated...
WordPress Modal Window Plugin <= 5.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: Modal Window; Type: Plugin; Vulnerable versions: <= 5.3.8; Fixed in: 5.3.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2457; Patch priority: Low; CVSS severity: Low (6.5); PSID: 09edbec50b76; Credits: Krzysztof Zając; Required...
Modal Window < 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Cross site scripting
The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-lev...
WordPress plugin Modal Window Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2023-5161 Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-lev...
CVE-2023-5161 Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-lev...
CVE-2023-5161
CVE-2023-5161 – WordPress Modal Window plugin is vulnerable to stored XSS via shortcode attributes in versions up to 5.3.5. Root cause: insufficient input sanitization and output escaping for user-supplied shortcode attributes. Impact: authenticated attackers with contributor-level permissions ca...