exploitDog

CVE-2024-3471

Опубликовано: 02 мая 2024

Источник: nvd

CVSS3: 3.4

EPSS Низкий

Описание

The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/a3c282fb-81b8-48bf-8c18-8366ea8ad9af/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a3c282fb-81b8-48bf-8c18-8366ea8ad9af/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wow-company:button_generator:*:*:*:*:*:wordpress:*:*

Версия до 3.0 (исключая)

EPSS

Процентиль: 29%

0.00106

Низкий

3.4 Low

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-p6qv-frqj-63r6

CVSS3: 3.4

github

почти 2 года назад

The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack

EPSS

Процентиль: 29%

0.00106

Низкий

3.4 Low

CVSS3

Дефекты

CWE-352