EPSS
Percentile
31.6%
The plugin does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog
https://example.com/wp-admin/admin-ajax.php?action=filter_menu&val=[post-id]
plugins.trac.wordpress.org/changeset?new=2749780%40wp-edit-menu%2Ftrunk&old=2220186%40wp-edit-menu%2Ftrunk