Wow-Company Modal Window, Cross-Site Request Forgery (CSRF), CVE-2025-24717 (Medium)

How the CVE Works

CVE-2025-24717 is a CSRF vulnerability in Wow-Company Modal Window (versions up to 6.1.4). An attacker can craft a malicious request that, when an authenticated user's browser is induced to send it, performs unintended actions (e.g., modifying settings, triggering pop-ups) without the user's consent. The flaw arises from missing anti-CSRF tokens: the application cannot distinguish a forged request from a legitimate one, so the forged request is processed under the victim's authenticated session.

DailyCVE Form

Platform: Wow-Company Modal Window
Version: ≤ 6.1.4
Vulnerability: CSRF
Severity: Medium
Date: 07/02/2025

Prediction: Patch by 08/15/2025

What Undercode Says

Analytics:

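# Shell: illustrative request to a placeholder endpoint
curl -X GET http://example.com/modal_action --data "payload=malicious_request"

# Python: illustrative state-changing POST to a placeholder host
import requests
requests.post("http://victim-site.com/admin/update", data={"config": "compromised"})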

How the Exploit Works

  • Craft a malicious HTML form auto-submitting to the vulnerable endpoint.
  • Trick authenticated users into visiting the attacker’s page.
  • Execute unauthorized actions (e.g., admin settings change).

Protection from this CVE

  • Implement anti-CSRF tokens.
  • Upgrade to the patched version once it is released.
  • Enforce SameSite cookies.
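
The first and third protections above, sketched as an added example (not the plugin's code and not from the original post): a session-bound HMAC token checked on every state-changing request, plus a SameSite session cookie. The function names, `TRUSTED_ORIGIN` and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)     # assumption: server-side secret, never sent to clients
TRUSTED_ORIGIN = "https://site.example"  # hypothetical origin of the admin UI


def session_cookie(session_id):
    """Set-Cookie value; SameSite keeps the browser from attaching it to cross-site POSTs."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def _sign(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """Token rendered into the settings form: random nonce plus HMAC bound to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_sign(session_id, nonce)}"


def token_valid(session_id, token):
    nonce, sep, sig = token.partition(".")
    if not sep:
        return False
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(_sign(session_id, nonce).encode(), sig.encode())


def handle_update(method, session_id, form, headers):
    """Return the HTTP status for a settings-change request."""
    if method != "POST":
        return 405  # state changes are never accepted over GET
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403  # browser reported a cross-site sender
    if not token_valid(session_id, form.get("csrf_token", "")):
        return 403  # token missing, forged, or issued to another session
    return 200


# Constructed requests: one submitted from the real form, one forged cross-site.
SID = "sess-constructed-1"
legit = handle_update("POST", SID, {"config": "x", "csrf_token": issue_token(SID)},
                      {"Origin": TRUSTED_ORIGIN})
forged = handle_update("POST", SID, {"config": "compromised"},
                       {"Origin": "https://other.example"})
```

The forged request is rejected even though it arrives with the victim's valid session, because it carries no token tied to that session.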

Impact

  • Unauthorized configuration changes.
  • Session hijacking.
  • Privilege escalation.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode