CVE-2024-3474: Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF
First published: Thu May 02 2024(Updated: )
The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wow Skype Buttons | <4.0.4 | |
| Skype Buttons | <4.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-3474?
CVE-2024-3474 is classified as a high-severity vulnerability due to the potential for CSRF attacks that can affect logged in administrators.
How do I fix CVE-2024-3474?
To fix CVE-2024-3474, update the Wow Skype Buttons plugin to version 4.0.4 or later to implement proper CSRF checks.
What type of vulnerability is CVE-2024-3474?
CVE-2024-3474 is a Cross-Site Request Forgery (CSRF) vulnerability affecting certain bulk actions in the plugin.
Who is affected by CVE-2024-3474?
Users with the Wow Skype Buttons WordPress plugin version prior to 4.0.4 are affected by CVE-2024-3474.
What actions can an attacker perform due to CVE-2024-3474?
An attacker can exploit CVE-2024-3474 to force logged in administrators to execute unwanted actions, such as deleting Skype buttons.
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/weakness
- agent/source
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/guess-ai
- agent/software-canonical-lookup-request
- vendor/wow-company
- canonical/wow skype buttons
- vendor/wow
- canonical/skype buttons