The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Andreiigna
Andreiigna if Menu |
|
CPEs | cpe:2.3:a:andreiigna:if_menu:*:*:*:*:*:*:*:* | |
Vendors & Products |
Andreiigna
Andreiigna if Menu |
|
Metrics |
ssvc
|
Sat, 07 Dec 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key. | |
Title | If Menu <= 0.19.1 - Missing Authorization to License Key Update | |
Weaknesses | CWE-862 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-07T01:45:53.438Z
Updated: 2024-12-10T16:12:53.573Z
Reserved: 2024-08-16T19:31:50.212Z
Link: CVE-2024-7894
Vulnrichment
Updated: 2024-12-10T16:12:39.706Z
NVD
Status : Received
Published: 2024-12-07T02:15:19.323
Modified: 2024-12-07T02:15:19.323
Link: CVE-2024-7894
Redhat
No data.