CVE-2024-3471

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

3.4LOW

EPSS

0.1%

top 72.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Button Generator Wow-company Button Generator

Timeline

PublishedMay 2

Description

The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:NExploitability: 1.7 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5unknown/button_generator< 3.0

▶NVDwow-company/button_generator< 3.0

🔴Vulnerability Details

CVEList

Button Generator < 3.0 - Button Deletion via CSRF↗2024-05-02

▶

GHSA

GHSA-p6qv-frqj-63r6: The Button Generator WordPress plugin before 3↗2024-05-02

▶