PT-2022-9519 · WordPress · Menu Item Visibility Control
Anton Sarsadskikh
Published 2022-12-26 · Updated 2023-06-30
CVE-2021-24942
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Menu Item Visibility Control WordPress plugin versions 0.5 and earlier
Description
The Menu Item Visibility Control WordPress plugin fails to properly sanitize and validate the "Visibility logic" option for WordPress menu items. This could allow highly privileged users to execute arbitrary PHP code, even in environments with heightened security measures.
Recommendations
For Menu Item Visibility Control WordPress plugin versions 0.5 and earlier, consider disabling the "Visibility logic" option until a patch is available, to prevent potential exploitation. Restrict access to this feature to minimize the risk of arbitrary PHP code execution.
Exploit
Fix
Related Identifiers
Affected Products
Menu Item Visibility Control