CVE-2024-28003 WordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerability

🗓️ 28 Mar 2024 05:52:55Reported by PatchstackType

WordPress Max Mega Menu plugin access control vulnerability

Reporter	Title	Published	Views	Family All 8
CNNVD	WordPress Plugin Max Mega Menu 安全漏洞	28 Mar 202400:00	–	cnnvd
CVE	CVE-2024-28003	28 Mar 202405:52	–	cve
EUVD	EUVD-2024-25177	3 Oct 202520:07	–	euvd
NVD	CVE-2024-28003	28 Mar 202406:15	–	nvd
Patchstack	WordPress Max Mega Menu Plugin <= 3.3 is vulnerable to Broken Access Control	26 Mar 202400:00	–	patchstack
RedhatCVE	CVE-2024-28003	23 May 202507:46	–	redhatcve
Vulnrichment	CVE-2024-28003 WordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerability	28 Mar 202405:52	–	vulnrichment
WPVulnDB	Max Mega Menu < 3.3.1 - Missing Authorization	9 May 202400:00	–	wpvulndb

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "megamenu",
    "product": "Max Mega Menu",
    "vendor": "Megamenu",
    "versions": [
      {
        "changes": [
          {
            "at": "3.3.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/megamenu/wordpress-max-mega-menu-plugin-3-3-broken-access-control-vulnerability

28 Apr 2026 16:09Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.4

EPSS0.0019

CWE-862

cve-2024-28003 wordpress megamenu authorization