CVE-2024-13780

Name of the Vulnerable Software and Affected Versions The Hero Mega Menu - Responsive WordPress Menu Plugin versions up to, and including, 1.16.5

Description The issue arises from insufficient file path validation in the hmenu delete menu() function, allowing unauthenticated attackers to delete arbitrary directories on the server. This can be exploited due to a lack of proper validation, potentially leading to significant disruptions.

Recommendations For versions up to, and including, 1.16.5, update to a version later than 1.16.5 to resolve the issue. As a temporary workaround, consider disabling the hmenu delete menu() function until a patch is available. Restrict access to sensitive directories on the server to minimize the risk of exploitation.