Description
The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2026-03-26
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Request Forgery allowing menu assignment tampering
Action: Immediate Patch
AI Analysis

Impact

The Conditional Menus plugin for WordPress does not validate a nonce in its save_options function. An attacker who induces a logged-in site administrator to open a malicious page or click a crafted link can therefore cause the administrator's browser to submit a forged request, carrying the administrator's session cookies, that changes conditional menu assignments; the attacker needs no account of their own. The result is unauthorized modification of menu structures, which can confuse users or steer visitors to unintended destinations, compromising the integrity of the site's navigation.

Affected Systems

WordPress sites using the Conditional Menus plugin by themifyme, versions up to and including 1.2.6, are vulnerable. No other product or version is listed as affected.

Risk and Exploitability

The CVSS 3.1 base score of 4.3 (vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects a network-reachable flaw that needs no privileges on the attacker's side but requires user interaction and affects integrity only, at low impact; it is not code execution. Exploitation depends on a social-engineering precondition: an administrator must be induced to open an attacker-controlled page or link while logged in. The EPSS score is below 1%, the issue is not listed in CISA's KEV catalog, and the SSVC assessment records no known exploitation, so known exploitation activity is limited at present. Once the precondition is met, however, the attack is straightforward to carry out and should be treated accordingly.

Generated by OpenCVE AI on March 26, 2026 at 15:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Conditional Menus plugin to a version newer than 1.2.6
  • If an update is not immediately possible, deactivate or remove the plugin
  • Verify that the installed plugin files match the release published by the author on WordPress.org
  • Educate site administrators about the risk of clicking unknown links or URLs
  • Monitor the plugin's stored options and the site's menu assignments for unauthorized changes
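The flaw described in the Impact section and the remediation advice above come down to one pattern: a WordPress settings handler that writes options without a nonce check. The following is an added illustration, not code from the Conditional Menus plugin or from Themify; the advisory only names the affected function ('save_options') and the weakness (CWE-352). Every identifier here (the cm_demo_* functions, the 'cm_demo_menu_rules' option, the form field names and the 'cm_demo_save_options' action) is hypothetical. It shows the vulnerable shape beside the hardened one, using WordPress core functions only.

```php
<?php
/*
 * Added illustration for this advisory; not the plugin's own code.
 * All cm_demo_* names, the option name and the form fields are hypothetical.
 */

/* Vulnerable pattern (CWE-352): the handler accepts any POST that arrives with
 * an administrator's session cookies. A page on an attacker's site can auto-submit
 * a form to this endpoint; the browser attaches the cookies, and with no nonce
 * there is no proof the request came from the plugin's own settings page. */
function cm_demo_save_options_vulnerable() {
    if ( ! isset( $_POST['menu_rules'] ) || ! is_array( $_POST['menu_rules'] ) ) {
        return;
    }
    // Raw, unchecked input persisted straight into the options table.
    update_option( 'cm_demo_menu_rules', wp_unslash( $_POST['menu_rules'] ) );
}

/* Sanitizer shared by the hardened handler: every rule is reduced to typed,
 * cleaned fields before it reaches the database. */
function cm_demo_sanitize_rules( array $rules ) {
    $clean = array();
    foreach ( $rules as $rule ) {
        if ( ! is_array( $rule ) ) {
            continue;
        }
        $clean[] = array(
            'menu'      => absint( $rule['menu'] ?? 0 ),                    // nav menu term ID
            'location'  => sanitize_key( $rule['location'] ?? '' ),         // theme menu location slug
            'condition' => sanitize_text_field( $rule['condition'] ?? '' ), // condition label
        );
    }
    return $clean;
}

/* Hardened pattern: authorization, then CSRF check, then sanitization. */
function cm_demo_save_options_hardened() {
    if ( ! isset( $_POST['menu_rules'] ) || ! is_array( $_POST['menu_rules'] ) ) {
        return;
    }
    // 1. Authorization: only users who may manage options reach the write path.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'cm-demo' ), 403 );
    }
    // 2. CSRF defence: check_admin_referer() verifies the nonce submitted in
    //    $_POST['cm_demo_nonce'] against the action 'cm_demo_save_options' and
    //    stops execution on failure. Nonces are bound to the user, the session
    //    and the action, so a cross-site form cannot supply a valid one.
    check_admin_referer( 'cm_demo_save_options', 'cm_demo_nonce' );
    // 3. Sanitize before persisting.
    $clean = cm_demo_sanitize_rules( wp_unslash( $_POST['menu_rules'] ) );
    update_option( 'cm_demo_menu_rules', $clean );
}

/* The settings form must emit the matching nonce field, otherwise legitimate
 * saves fail the check too. wp_nonce_field() also adds a referer field. */
function cm_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="cm_demo_save_options">
        <?php wp_nonce_field( 'cm_demo_save_options', 'cm_demo_nonce' ); ?>
        <input type="hidden" name="menu_rules[0][menu]" value="12">
        <input type="hidden" name="menu_rules[0][location]" value="primary">
        <input type="text" name="menu_rules[0][condition]" value="is_front_page">
        <?php submit_button( __( 'Save', 'cm-demo' ) ); ?>
    </form>
    <?php
}

// Route the admin-post action to the hardened handler.
add_action( 'admin_post_cm_demo_save_options', 'cm_demo_save_options_hardened' );
```

The order in the hardened handler matters: the capability check runs first so that an unauthorized but logged-in user never reaches the nonce check, and the nonce check runs before any input is touched so that a forged request never gets as far as sanitization or the database. When auditing a plugin for this class of bug, look for update_option() calls reachable from a request handler with no check_admin_referer(), wp_verify_nonce() or check_ajax_referer() on the path to them.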


Tracking


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Themify
                                        Themify conditional Menus
                                        Wordpress
                                        Wordpress wordpress
Vendors & Products                      Themify
                                        Themify conditional Menus
                                        Wordpress
                                        Wordpress wordpress

Thu, 26 Mar 2026 18:15:00 +0000

Type                  Values Removed    Values Added
Metrics                                 ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 13:45:00 +0000

Type                  Values Removed    Values Added
Description                             The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Title                                   Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update
Weaknesses                              CWE-352
References
Metrics                                 cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Subscriptions

Themify Conditional Menus
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-03-26T17:51:15.456Z

Reserved: 2026-01-16T02:49:02.440Z

Link: CVE-2026-1032

Vulnrichment

Updated: 2026-03-26T17:47:55.604Z

NVD

Status : Awaiting Analysis

Published: 2026-03-26T14:16:08.507

Modified: 2026-03-30T13:26:50.827

Link: CVE-2026-1032

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:26:45Z

Weaknesses