Lucene search
Anton SarsadskikhWPEX-ID:EAA28832-74C1-4CD5-9B0F-02338E23B418HistoryNov 29, 2022 - 12:00 a.m.
Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
2022-11-2900:00:00
Anton Sarsadskikh
88
admin access
visibility control
php code execution
menu vulnerability
0.001 Low
EPSS
Percentile
44.7%
The plugin doesn’t sanitize and validate the “Visibility logic” option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.
1. As an admin, go to "Appearance -> Menus" and create a menu with some items of your choice.
2. In the "Menu structure" click on any item (the arrow down on the right of 'Page') and locate "Visibility logic" field.
3. Add the following code in the field: file_put_contents('/var/www/hacked.php', '<?php echo "failed"; ?>')
4. After saving changes and navigating to the menu's location, the visibility logic triggers executing our payload.Related
cve
cve
CVE-2021-24942
2022-12-26 13:15:11
nvd
nvd
CVE-2021-24942
2022-12-26 13:15:11
cvelist
cvelist
wpvulndb
wpvulndb
Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
2022-11-29 00:00:00
prion
prion
Code injection
2022-12-26 13:15:00