SQL Injection Vulnerability in Hero Mega Menu Plugin for WordPress
CVE-2024-49303
8.5HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 21 January 2025
What is CVE-2024-49303?
The Hero Mega Menu - Responsive WordPress Menu Plugin is susceptible to an SQL Injection vulnerability, enabling attackers to manipulate database queries. This flaw may allow unauthorized access to sensitive information or unauthorized modifications in the affected plugin versions up to 1.16.5. It is crucial for users to update to a patched version to safeguard their WordPress environments from potential exploitation.
Affected Version(s)
Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5