CVE-2021-24942

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
menu_item_visibility_control_projectmenu_item_visibility_control
𝑥
≤ 0.5
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418
https://wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418