What the vulnerability does
01Description
The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack
CVE-2022-0313
CVE-2022-0313: Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF
CVSS base score
—
Key dates
02Disclosure timeline
February 21, 2022
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-13510 ShopSite <= 1.5.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting
CVE-2026-24666 Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions
CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update
CVE-2023-1342 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ucss_connect'
CVE-2017-20062 Elefant CMS cross-site request forgery
