What is CVE-2024-3476?

CVE-2024-3476 is a high-severity vulnerability in Wow-company Side_menu_lite, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2024-05-02.

How severe is CVE-2024-3476?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2024-3476 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

CSRF in Wow-company Side_menu_lite

CVE-2024-3476

The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.004 (26.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Wow-company Side_menu_lite
Unknown Side Menu Lite — versions 0

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

contact@wpscan.com (Exploit, technical-description, Third Party Advisory, exploit, vdb-entry)

Frequently asked questions

What is CVE-2024-3476?: CVE-2024-3476 is a high-severity vulnerability in Wow-company Side_menu_lite, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2024-05-02.
How severe is CVE-2024-3476?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2024-3476 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.