- Description
- The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
CVE-2024-7894 Unauthorized License Key Modification in If Menu Plugin for WordPress The If Menu plugin for WordPress up to version 0.19.1 has a vulnerability. This is because there is no capability check for the ... https://t.co/DIAYu6Ercr
@VulmonFeeds
7 Dec 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-7894 The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in v… https://t.co/teqxSsi6pa
@CVEnew
7 Dec 2024
239 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes