CVE-2021-24942
Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
26 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Unknown · Menu Item Visibility ControlWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →