CVE-2024-3476

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 38.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Side Menu LiteWow-company Side Menu Lite
Timeline
PublishedMay 2

Description

The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/side_menu_lite< 4.2.1

🔴Vulnerability Details

2
CVEList
Side Menu Lite < 4.2.1 - Menu Deletion via CSRF2024-05-02
GHSA
GHSA-w2rv-8vw7-735j: The Side Menu Lite WordPress plugin before 42024-05-02
CVE-2024-3476 (HIGH CVSS 8.8) | The Side Menu Lite WordPress plugin | cvebase.io