SQL Injection Vulnerability in NotFound Hero Mega Menu Plugin for WordPress
CVE-2024-49333

8.5HIGH

Key Information:

Vendor: Wordpress
Status: Hero Mega Menu - Responsive WordPress Menu Plugin
Vendor: CVE Published:; 21 January 2025

Summary

The NotFound Hero Mega Menu - Responsive WordPress Menu Plugin exhibits a vulnerability that allows for SQL Injection, enabling attackers to manipulate queries executed by the database. This flaw can expose sensitive information and lead to unauthorized actions. The vulnerability impacts versions from n/a to 1.16.5, highlighting the importance of updating to mitigate possible exploitation. Website administrators using this plugin should review their systems and apply necessary patches to defend against potential SQL injection attacks.

Affected Version(s)

Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5

References

https://patchstack.com/database/wordpress/plugin/hmenu/vu...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Oct 14, 2024

Credit

Bonds (Patchstack Alliance)