7.2
CVE-2021-24942
- EPSS 0.98%
- Published 26.12.2022 13:15:11
- Last modified 14.04.2025 13:15:14
- Source contact@wpscan.com
Menu Item Visibility Control <= 0.5 - Authenticated (Admin+) Remote Code Execution
The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.
Possible mitigation
Menu Item Visibility Control: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Further vulnerability information
System: WordPress Plugin ≫ Product: Menu Item Visibility Control, Version: *-0.5
Data provided by the National Vulnerability Database (NVD)
Menu Item Visibility Control Project ≫ Menu Item Visibility Control, SwPlatform: wordpress, Version <= 0.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.98% | 0.763 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |