PT-2024-38665 · WordPress · Menu
Marco Wotschka · Published 2024-12-07 · Updated 2024-12-07 · CVE-2024-7894
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
If Menu plugin for WordPress versions up to, and including, 0.19.1
Description
The issue allows unauthorized modification of the plugin's license key due to a missing capability check on the actions function. This makes it possible for unauthenticated attackers to modify or delete the license key.
Recommendations
For versions up to, and including, 0.19.1, update to a version that includes a capability check for the actions function to prevent unauthorized license key modification.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Menu