Unauthorized Modification of License Key in If Menu Plugin
CVE-2024-7894

5.3MEDIUM

Key Information:

Vendor: If Menu
Vendor: CVE Published:; 7 December 2024

Summary

The If Menu plugin for WordPress contains a vulnerability that allows unauthorized modification of the plugin's license key. This is due to the absence of a capability check in the plugin's 'actions' function, making versions up to and including 0.19.1 susceptible to exploitation by unauthenticated attackers. The potential for attackers to modify or delete the license key poses significant risks for WordPress users, as it could lead to unauthorized access and manipulation of plugin capabilities.

References

https://plugins.trac.wordpress.org/browser/if-menu/trunk/...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

https://www.wordfence.com/threat-intel/vulnerabilities/id...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 7, 2024

Collectors

NVD Database