WordPress · WordPress Mega Menu · CVE-2021-4443
**Name of the Vulnerable Software and Affected Versions**
WordPress Mega Menu plugin versions up to, and including, 2.0.6
**Description**
The WordPress Mega Menu plugin is vulnerable to Arbitrary File Creation, allowing unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code via the `compiler save` AJAX action. This vulnerability enables remote code execution. Users are urged to update to the latest version immediately to mitigate risks.
**Recommendations**
For WordPress Mega Menu plugin versions up to, and including, 2.0.6, update to the latest version immediately to resolve the issue. As a temporary workaround, consider disabling the `compiler save` AJAX action until a patch is available. Restrict access to the vulnerable plugin to minimize the risk of exploitation.
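To confirm whether a given installation falls in the affected range, the following added example (not code from the plugin or from this advisory's source) reads the standard WordPress plugin header of each plugin under a `wp-content/plugins` directory and flags versions up to and including 2.0.6. It assumes the plugin's `Plugin Name:` header reads "WordPress Mega Menu"; adjust `PLUGIN_NAME` if the installed copy declares a different name.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (2, 0, 6)            # from the advisory: up to and including 2.0.6
PLUGIN_NAME = "WordPress Mega Menu"  # assumption: value of the "Plugin Name:" header

# Same header shape WordPress itself parses: optional comment decoration, key, colon, value.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.M | re.I)

def parse_version(text):
    """'2.0.6' -> (2, 0, 6); returns () when no leading numeric version is present."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    return tuple(int(n) for n in m.group(1).split(".")) if m else ()

def is_affected(version):
    """True when version <= 2.0.6, comparing segment by segment ('2.0' == '2.0.0')."""
    v = parse_version(version)
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))
    return bool(v) and pad(v) <= pad(LAST_AFFECTED)

def read_header(php_file):
    """Return the plugin header fields found in the first 8 KB of the file."""
    head = php_file.read_text(errors="replace")[:8192]
    return {k.lower(): v.strip() for k, v in HEADER.findall(head)}

def audit(plugins_dir):
    """List (file, version, status) for every plugin whose header name matches."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php)
        if header.get("plugin name", "").lower() != PLUGIN_NAME.lower():
            continue
        version = header.get("version", "")
        if not parse_version(version):
            status = "UNKNOWN"      # header present but no usable version: inspect by hand
        else:
            status = "AFFECTED" if is_affected(version) else "ok"
        findings.append((str(php), version, status))
    return findings

if __name__ == "__main__" and len(sys.argv) == 2:
    for path, version, status in audit(sys.argv[1]):
        print(f"{status:8} {version or '-':10} {path}")
```

Run it with the path to the site's `wp-content/plugins` directory; an `UNKNOWN` result means the header matched but carried no parseable version and should be checked manually.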