PT-2025-1949 · WordPress · Altra Side Menu
Bob Matyas
·
Published
2025-01-27
·
Updated
2026-01-09
·
CVE-2024-12774
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Altra Side Menu WordPress plugin through 2.0
Description
The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in admins delete arbitrary menus via a CSRF attack. This could potentially be exploited by attackers to manipulate the menu settings of affected WordPress installations.
Recommendations
Altra Side Menu WordPress plugin through 2.0: Update the plugin to a version that includes CSRF checks to prevent such attacks. As a temporary workaround, consider restricting access to the plugin's menu settings to minimize the risk of exploitation.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Altra Side Menu