CVE-2024-2405

2024-05-0206:15:49

WPScan

web.nvd.nist.gov

wordpress

plugin

csrf

vulnerability

admin

nvd

CVSS3

4.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.

Affected configurations

Vulners

Vulnrichment

Node

wow-companyfloat_menuRange<6.0.1wordpress

VendorProductVersionCPE
wow-companyfloat_menu*cpe:2.3:a:wow-company:float_menu:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wow-company	float_menu	*	cpe:2.3:a:wow-company:float_menu::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Float menu ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "6.0.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]