WordPress Plugin Vulnerabilities

Bubble Menu - Circle Floating Menu < 3.0.2 - Form Deletion via CSRF

Description

The plugin does not have CSRF checks when deleting forms, which could allow attackers to make logged in users perform such actions via a CSRF attack

Affects Plugins

Plugin icon
bubble-menu
Fixed in 3.0.2

References

CVE
CVE-2023-23984

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Rio Darmawan
Verified
No
WPVDB ID
1d644326-2534-4119-8e19-426f28c8534f

Timeline

Publicly Published
2023-01-20 (about 3 years ago)
Added
2023-03-01 (about 3 years ago)
Last Updated
2023-03-01 (about 3 years ago)

Other

Published
Title
Published
2023-07-07
Title
WordPress Mobile Pack <= 3.4.1 - Cross-Site Request Forgery
Published
2022-03-28
Title
Easy Digital Downloads < 2.11.6 - Arbitrary Payment Note Insertion via CSRF
Published
2024-03-13
Title
DSGVO All in one for WP < 4.4 - Cross-Site Request Forgery
Published
2021-02-04
Title
Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-03-06
Title
Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF