Arbitrary PHP Code Execution Vulnerability in Menu Item Visibility Control WordPress Plugin

Arbitrary PHP Code Execution Vulnerability in Menu Item Visibility Control WordPress Plugin

CVE-2021-24942 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.

Learn more about our Wordpress Pen Testing.