SQL Injection Vulnerability in Hero Mega Menu Plugin for WordPress
CVE-2024-13778
6.5MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 5 March 2025
What is CVE-2024-13778?
The Hero Mega Menu - Responsive WordPress Menu Plugin is susceptible to SQL Injection due to inadequate escaping of user-supplied parameters and poor preparation in the SQL query structure. This vulnerability allows authenticated attackers, such as those with Subscriber-level access, to inject additional SQL commands into existing queries. As a result, attackers can potentially extract sensitive data from the database, leading to significant security risks for affected WordPress sites.
Affected Version(s)
Hero Mega Menu - Responsive WordPress Menu Plugin * <= 1.16.5