Overview
- Description
- The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.
- Source
- contact@wpscan.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:menu_item_visibility_control_project:menu_item_visibility_control:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "9240B75E-BCE7-4407-AEF2-709C18BD3401",
"versionEndIncluding": "0.5"
}
],
"operator": "OR"
}
]
}
]