CVE-2024-8433

Name of the Vulnerable Software and Affected Versions: The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress versions up to, and including, 1.1.0

Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages via the themehunk megamenu bg image parameter. The scripts will execute whenever a user accesses an injected page.

Recommendations: For versions up to, and including, 1.1.0, consider disabling the themehunk megamenu bg image parameter until a complete fix is available, as 1.1.0 only partially addresses the issue by adding missing authorization protection.