WordPress Plugin Vulnerabilities

Advanced Menu Manager < 3.0 - Unauthorised Menu Edition via CSRF

Description

The plugin does not properly check for CSRF in its amm_save_existing_menu function, allowing attackers to make logged in high privilege users edit menus via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
advance-menu-manager
Fixed in 3.0

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
22fec834-6b97-4921-98e1-002ae918d315

Timeline

Publicly Published
2021-07-12 (about 4 years ago)
Added
2021-07-12 (about 4 years ago)
Last Updated
2021-09-15 (about 4 years ago)

Other

Published
Title
Published
2025-03-11
Title
Frontpage category filter <= 1.0.2 - Cross-Site Request Forgery
Published
2021-10-13
Title
Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF
Published
2025-03-28
Title
OmniLeads Scripts and Tags Manager <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2024-04-05
Title
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
Published
2025-04-09
Title
KeyCAPTCHA <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting