CVE-2024-3472

5.9 MEDIUM

📋 TL;DR

This Cross-Site Request Forgery (CSRF) vulnerability in the Modal Window WordPress plugin allows attackers to trick authenticated administrators into performing bulk deletion of modals without their consent. Attackers can craft malicious requests that execute when an admin visits a compromised page. This affects WordPress sites using vulnerable versions of the Modal Window plugin.

💻 Affected Systems

Products:
  • Modal Window WordPress Plugin
Versions: All versions before 5.3.10
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the Modal Window plugin installed and an authenticated administrator session.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could delete all modal windows on the site, disrupting functionality and potentially causing business impact if modals contain important content or functionality.

🟠 Likely Case

Selective deletion of important modal windows, causing minor to moderate disruption to site functionality and user experience.

🟢 If Mitigated

No impact if proper CSRF protections are in place or if the plugin is updated to the patched version.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an authenticated administrator into visiting a malicious page while logged in.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.3.10 and later

Vendor Advisory: https://wpscan.com/vulnerability/d42f74dd-520f-40aa-9cf0-3544db9562c7/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Modal Window' plugin.
4. Click 'Update Now' if available, or manually update to version 5.3.10+.
5. Verify the plugin version after the update.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Deactivate the Modal Window plugin until it can be updated to a secure version.

wp plugin deactivate modal-window

🧯 If You Can't Patch

  • Implement strict access controls to limit administrator access to trusted networks only.
  • Educate administrators about CSRF risks and safe browsing practices while logged into admin panels.

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in WordPress admin under Plugins > Installed Plugins. If version is below 5.3.10, the system is vulnerable.

Check Version:

wp plugin get modal-window --field=version

Verify Fix Applied:

Confirm the Modal Window plugin version is 5.3.10 or higher in the WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Multiple DELETE requests to modal-related endpoints from administrator accounts
  • Unusual bulk deletion patterns in plugin logs

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with action=modal_window_bulk_delete from unexpected sources

SIEM Query:

source="wordpress.log" AND "modal_window_bulk_delete" AND status=200
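The SIEM query above only matches the action name; a CSRF-driven deletion is distinguished from a legitimate one by where the request originated. The script below is an added example, not part of this advisory, that runs that check over constructed Apache combined-format log lines: it flags successful POSTs to admin-ajax.php carrying action=modal_window_bulk_delete whose Referer is missing or points outside the site. The log format, the site hostname and the action being passed in the query string are assumptions.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined format (not from any real site).
# Assumption: the plugin action appears in the request URI; if your server logs it
# only in the POST body, adapt the parser to wherever the body is recorded.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=modal_window_bulk_delete HTTP/1.1" 200 45 "https://example.com/wp-admin/edit.php?post_type=modal" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2024:12:03:14 +0000] "POST /wp-admin/admin-ajax.php?action=modal_window_bulk_delete HTTP/1.1" 200 45 "https://attacker.invalid/lure.html" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2024:12:05:22 +0000] "POST /wp-admin/admin-ajax.php?action=modal_window_bulk_delete HTTP/1.1" 200 45 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2024:12:06:40 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "https://example.com/wp-admin/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SITE_HOST = "example.com"          # assumed hostname of the monitored WordPress site
SUSPECT_ACTION = "modal_window_bulk_delete"

def classify(line: str, site_host: str = SITE_HOST) -> Optional[dict]:
    """Return a finding for a successful bulk-delete request, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    uri = urlsplit(m["uri"])
    action = parse_qs(uri.query).get("action", [""])[0]
    if (m["method"] != "POST" or uri.path != "/wp-admin/admin-ajax.php"
            or action != SUSPECT_ACTION or m["status"] != "200"):
        return None
    referer_host = urlsplit(m["referer"]).hostname if m["referer"] != "-" else None
    # The CSRF pattern: the admin's browser sent the request, but the page that
    # originated it was not the site's own admin area (or sent no Referer at all).
    cross_site = referer_host != site_host
    return {"ip": m["ip"], "ts": m["ts"], "referer_host": referer_host, "cross_site": cross_site}

def find_cross_site_deletes(log_text: str, site_host: str = SITE_HOST) -> list:
    """All successful bulk-delete calls whose Referer is missing or off-site."""
    findings = (classify(line, site_host) for line in log_text.splitlines())
    return [f for f in findings if f and f["cross_site"]]

if __name__ == "__main__":
    for f in find_cross_site_deletes(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} bulk delete, referer host={f['referer_host']!r}")
```

A missing Referer can also come from privacy settings, so treat the no-Referer case as a triage signal to correlate with the admin's other activity rather than a confirmed attack.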
