WordPress Plugin Vulnerabilities

Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF

The plugin does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack

https://example.com/wp-admin/admin.php?page=float-menu&info=delete&did=1

Fixed in version 4.3.1

CVE

URL

Type

CSRF

OWASP top 10

CWE

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

Verified

Yes

WPVDB ID

Publicly Published

2022-01-24 (about 3 months ago)

Added

2022-01-24 (about 3 months ago)

Last Updated

2022-04-11 (about 1 months ago)