History: Dec 26, 2022 - 12:28 p.m.

CVE-2021-24942 Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

2022-12-26 12:28:21
WPScan
www.cve.org
cve-2021-24942
menu item visibility control
wordpress
plugin
vulnerability
admin
code execution
php
validation
sanitization
menu items

EPSS: 0.001 (Low)

EPSS percentile: 44.7%

The Menu Item Visibility Control WordPress plugin through 0.5 doesn’t sanitize and validate the “Visibility logic” option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Menu Item Visibility Control",
    "collectionURL": "https://wordpress.org/plugins",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "0.5"
      }
    ],
    "defaultStatus": "affected"
  }
]
