Missing Authorization Flaw in Bulk Menu Edit by Michael Revellin-Clerc
CVE-2025-24692

7.1HIGH

Key Information:

Vendor: WordPress
Status: Bulk Menu Edit
Vendor: CVE Published:; 14 February 2025

What is CVE-2025-24692?

A missing authorization vulnerability exists in the Bulk Menu Edit plugin developed by Michael Revellin-Clerc, which could allow unauthenticated users to exploit incorrectly configured access control settings. This issue impacts versions n/a through 1.3, enabling potential unauthorized actions within the application. Administrators are advised to review their access controls and apply necessary updates to safeguard their environments.

Affected Version(s)

Bulk Menu Edit <= 1.3

References

https://patchstack.com/database/wordpress/plugin/bulk-men...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

theviper17 (Patchstack Alliance)

WordPress

What is CVE-2025-24692?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit