wpvulndb
Bob Matyas
WPVDB-ID:D42F74DD-520F-40AA-9CF0-3544DB9562C7
History: Apr 11, 2024 - 12:00 a.m.

Modal Window < 5.3.10 - Modal Deletion via CSRF

Date: 2024-04-11 00:00:00
Source: wpscan.com
Tags: modal window, csrf attack, bulk deletion, security vulnerability, admin privilege escalation

AI Score: 6.3 (Confidence: High)

EPSS: 0 (Percentile: 9.0%)

Description

The plugin does not have a CSRF check in place when bulk deleting modals, which could allow attackers to make a logged-in admin delete them via a CSRF attack.
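One way to close the gap described above, as an added example that is not the Modal Window plugin's code or its actual patch: a hypothetical bulk-delete handler that verifies capability and a WordPress nonce before deleting anything. All `example_` names, the `ids[]` field and the table name are assumptions; the WordPress functions called are core APIs, and the code assumes it is loaded as part of a plugin inside WordPress.

```php
<?php
// Added example: hypothetical plugin code, not the Modal Window plugin's source.
// Every name prefixed "example_" (and the ids[] field) is invented for illustration.

// Form side: emit a hidden nonce bound to this action and the current user session.
function example_render_bulk_form() {
    echo '<form method="post">';
    wp_nonce_field( 'example_bulk_delete_modals', 'example_nonce' );
    // ... checkboxes named ids[] and the bulk action selector go here ...
    submit_button( 'Apply' );
    echo '</form>';
}

// Handler side: check capability and nonce before touching the database.
function example_handle_bulk_delete() {
    if ( ! isset( $_POST['action'] ) || 'delete' !== $_POST['action'] ) {
        return; // Not a bulk-delete request.
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request unless it carries a valid nonce for this action.
    // A forged cross-site form cannot know the nonce, so the deletion never runs.
    check_admin_referer( 'example_bulk_delete_modals', 'example_nonce' );

    global $wpdb;
    $ids = isset( $_POST['ids'] ) ? array_map( 'absint', (array) $_POST['ids'] ) : array();
    foreach ( array_filter( $ids ) as $id ) {
        // Hypothetical table name; the ID is bound as an integer.
        $wpdb->delete( $wpdb->prefix . 'example_modals', array( 'id' => $id ), array( '%d' ) );
    }
}
add_action( 'admin_init', 'example_handle_bulk_delete' );
```

Removing the `check_admin_referer()` call from this handler reproduces the class of flaw the description reports: the browser attaches the admin's session cookie to the forged request and nothing else distinguishes it from a legitimate one.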

PoC

Have a logged in admin open an HTML file containing where ID is an existing modal: action
