WordPress Superfly Menu Plugin <= 5.0.29 is vulnerable to Cross Site Request Forgery (CSRF)

Cross Site Request Forgery (CSRF)

This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.

This is a general description of this vulnerability type; specific impact varies case by case. CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way, but it is not ideal for WordPress.

See: https://patchstack.com/database/vulnerability/superfly-menu/wordpress-superfly-responsive-menu-plugin-5-0-29-cross-site-request-forgery-to-arbitrary-file-deletion-vulnerability?_a_id=241

Hey @Blodarn,

Thank you for reporting the issue. We’ll check if there is a Superfly update and see if we can push it as soon as possible.

Hey There,

Version 5.0.30 is available via automatic updates. Make sure that your X/Pro installation is validated. All the best!

Thank you!

Hey @Blodarn,

You’re most welcome!
