Arbitrary PHP Code Execution Vulnerability in Menu Item Visibility Control WordPress Plugin
CVE-2021-24942 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.
Learn more about our Wordpress Pen Testing.