CSRF Vulnerability in Admin Menu Editor
CVE-2024-24876

8.8HIGH

Key Information:

Vendor: WordPress
Status: Admin Menu Editor
Vendor: CVE Published:; 21 February 2024

What is CVE-2024-24876?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Admin Menu Editor plugin developed by Janis Elsts. This issue allows attackers to trick users into executing unwanted actions on the WordPress site, potentially compromising website security and user data integrity. The vulnerability affects versions of Admin Menu Editor from n/a up to 1.12, making timely updates crucial for maintaining the security posture of affected installations.

Affected Version(s)

Admin Menu Editor <= 1.12

References

https://patchstack.com/database/vulnerability/admin-menu-...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2024
Vulnerability Reserved
Feb 1, 2024

Credit

Dhabaleshwar Das (Patchstack Alliance)