2 matches found
CVE-2024-8434 Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...
WordPress ThemeHunk Plugin <= 1.0.9 is vulnerable to Broken Access Control
Software ThemeHunk Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8434 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0bcea717beb5 Credits Lucio Sá Required privilege Subscrib...