CVE-2024-8434

Name of the Vulnerable Software and Affected Versions: Easy Mega Menu Plugin for WordPress – ThemeHunk plugin versions up to, and including, 1.0.9

Description: The issue arises from a missing capability check on several functions hooked via AJAX, allowing authenticated attackers with subscriber-level access and above to perform unauthorized actions, such as updating plugin settings.

Recommendations: For versions up to, and including, 1.0.9, update to a version higher than 1.0.9 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX functions until a patch is available. Restrict subscriber-level access and above to minimize the risk of exploitation.