2 matches found
CVE-2024-3474
CVE-2024-3474 concerns the WordPress plugin Wow Skype Buttons (versions before 4.0.4). The issue is a CSRF vulnerability in certain bulk actions that can let an authenticated, logged-in admin perform unauthorized operations, such as deleting buttons, via crafted requests. Public descriptions in R...
CVE-2024-3475
The CVE-2024-3475 issue concerns the Sticky Buttons WordPress plugin. Connected sources confirm that versions prior to 3.2.4 ship with missing CSRF checks on certain bulk actions, enabling an attacker with admin privileges to cause logged-in admins to perform unwanted actions (e.g., deleting butt...