CVE-2024-2508

Name of the Vulnerable Software and Affected Versions WP Mobile Menu plugin for WordPress versions up to, and including, 2.8.4.4

Description The issue allows unauthorized modification of data due to a missing capability check on the save menu item icon function. This makes it possible for unauthenticated attackers to add the mobmenu icon post meta to arbitrary posts with an arbitrary (but sanitized) value.

Recommendations For versions up to, and including, 2.8.4.4, consider updating to a version that fully addresses this issue, as version 2.8.4.4 only contains a partial fix. As a temporary workaround, consider disabling the save menu item icon function until a fully patched version is available.