CVE-2021-24348

Name of the Vulnerable Software and Affected Versions Side Menu – add fixed side buttons WordPress plugin versions prior to 3.1.5

Description The issue concerns the menu delete functionality, which is accessible to Administrator users. It takes the did GET parameter and uses it in an SQL statement without proper sanitization, validation, or escaping, leading to a SQL Injection issue.

Recommendations For versions prior to 3.1.5, update to version 3.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the menu delete functionality to minimize the risk of exploitation.