Lucene search
K

5 matches found

NVD
NVD
added 2024/05/02 6:15 a.m.37 views

CVE-2024-3472

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack...

5.9CVSS6.4AI score0.00204EPSS
Exploits2References1
CVE
CVE
added 2024/05/02 6:0 a.m.73 views

CVE-2024-3472

CVE-2024-3472 affects the WordPress Modal Window plugin prior to version 5.3.10. It lacks CSRF protection for bulk deletion of modals, enabling CSRF-based admin actions. Red Hat and Patchstack entries corroborate the issue and list the fix as updating to 5.3.10. Remediation: upgrade to 5.3.10 or ...

5.9CVSS6.6AI score0.00204EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/05/02 6:0 a.m.51 views

CVE-2024-3472 Modal Window < 5.3.10 - Modal Deletion via CSRF

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack...

6.6AI score0.00204EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/05/02 6:0 a.m.12 views

CVE-2024-3472 Modal Window < 5.3.10 - Modal Deletion via CSRF

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack...

7AI score0.00204EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/05/02 12:0 a.m.18 views

WordPress Modal Window Plugin < 5.3.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software Modal Window Type Plugin Vulnerable versions 5.3.10 Fixed in 5.3.10 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3472 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9d7096a40943 Credits Bob Matyas Required...

5.9CVSS6.6AI score0.00204EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder