Arbitrary File Deletion in Hero Mega Menu Plugin for WordPress
CVE-2024-13780
6.5 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 5 March 2025
What is CVE-2024-13780?
The Hero Mega Menu - Responsive WordPress Menu Plugin has a serious security flaw caused by inadequate file path validation in the hmenu_delete_menu() function. This vulnerability can allow unauthenticated attackers to delete arbitrary directories on the server, potentially leading to loss of data and disruption of service. All versions of the plugin prior to 1.16.5 are affected, so users should update and secure their installations promptly.
Affected Version(s)
Hero Mega Menu - Responsive WordPress Menu Plugin: <= 1.16.5