CVE-2024-12022 - Vulnerability Details

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-52485. Reason: This candidate is a reservation duplicate of CVE-2024-52485. Notes: All CVE users should reference CVE-2024-52485 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: 2025-01-07

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-50539	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-52485. Reason: This candidate is a reservation duplicate of CVE-2024-52485. Notes: All CVE users should reference CVE-2024-52485 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

No reference.

History

Fri, 17 Jan 2025 17:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-862
References	https://plugins.trac.wordpress.org/browser/wp-menu-image/trunk/init/wmi-functions.php#L126 https://www.wordfence.com/threat-intel/vulnerabilities/id/e96193c0-ddde-463b-a68e-672ab6f812c7?source=cve
Metrics	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}`

Fri, 17 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Title	WP Menu Image <= 2.2 - Unauthenticated Menu Image Deletion
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 17 Jan 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description	The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus.	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-52485. Reason: This candidate is a reservation duplicate of CVE-2024-52485. Notes: All CVE users should reference CVE-2024-52485 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Tue, 07 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 07 Jan 2025 03:30:00 +0000

Type	Values Removed	Values Added
Description		The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus.
Title		WP Menu Image <= 2.2 - Unauthenticated Menu Image Deletion
Weaknesses		CWE-862
References		https://plugins.trac.wordpress.org/browser/wp-menu-image/trunk/init/wmi-functions.php#L126 https://www.wordfence.com/threat-intel/vulnerabilities/id/e96193c0-ddde-463b-a68e-672ab6f812c7?source=cve
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}`

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Wordfence

Published: 2025-01-07T03:21:59.218Z

Updated: 2025-01-17T16:48:31.902Z

Reserved: 2024-12-02T14:28:44.140Z

Link: CVE-2024-12022

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-01-07T04:15:07.677

Modified: 2025-01-17T17:15:10.533

Link: CVE-2024-12022

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object