CVE-2024-2405
MEDIUM
Float menu < 6.0.1 - Cross-Site Request Forgery in Bulk Actions
Title source: llm
Description
The Float menu WordPress plugin before 6.0.1 does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete arbitrary menus via a CSRF attack.
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/c42ffa15-6ebe-4c70-9e51-b95bd05ea04d/
Scores
CVSS v3: 4.5
EPSS: 0.0028
EPSS Percentile: 19.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-352
Status: published
Products (1)
wow-company/float_menu < 6.0.1
Published: May 02, 2024
Tracked Since: Feb 18, 2026