7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
44.7%
The Menu Item Visibility Control WordPress plugin through 0.5 doesn’t sanitize and validate the “Visibility logic” option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.
Vendor | Product | Version | CPE |
---|---|---|---|
menu_item_visibility_control_project | menu_item_visibility_control | * | cpe:2.3:a:menu_item_visibility_control_project:menu_item_visibility_control:*:*:*:*:*:*:*:* |
[
{
"vendor": "Unknown",
"product": "Menu Item Visibility Control",
"collectionURL": "https://wordpress.org/plugins",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "0.5"
}
],
"defaultStatus": "affected"
}
]