Authorization Flaw in My Wp Brand – Hide Menu & Plugin by IMW3
CVE-2024-49694

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: My WP Brand – Hide Menu & Hide Plugin
Vendor: CVE Published:; 31 December 2024

What is CVE-2024-49694?

A missing authorization vulnerability has been identified within the My Wp Brand – Hide Menu & Hide Plugin. This flaw allows unauthorized users to access restricted functionalities, potentially leading to sensitive data exposure. The affected versions range from n/a to 1.1.2, indicating a broader vulnerability within earlier implementations. Organizations using this plugin should take immediate action to mitigate risks associated with broken access control, ensuring the integrity and security of their WordPress environments.

Affected Version(s)

My Wp Brand – Hide menu & Hide Plugin <= 1.1.2

References

https://patchstack.com/database/wordpress/plugin/my-wp-br...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Oct 17, 2024

Credit

Abdi Pranata (Patchstack Alliance)