Menu Item Visibility Control <= 0.5 – Admin+ Arbitrary PHP Code Execution | CVE 2021-24942 | Plugin Vulnerabilities

Description

The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.

Proof of Concept

1. As an admin, go to "Appearance -> Menus" and create a menu with some items of your choice.

2. In the "Menu structure" click on any item (the arrow down on the right of 'Page') and locate "Visibility logic" field.

3. Add the following code in the field: file_put_contents('/var/www/hacked.php', '<?php echo "failed"; ?>')

4. After saving changes and navigating to the menu's location, the visibility logic triggers executing our payload.

Affects Plugins

menu-items-visibility-control

No known fix

References

CVE

Classification

Type

RCE

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

bl4derunner

Submitter

Anton Sarsadskikh

Verified

Yes

WPVDB ID

eaa28832-74c1-4cd5-9b0f-02338e23b418

Timeline

Publicly Published

2022-11-29 (about 1 years ago)

Added

2022-11-29 (about 1 years ago)

Last Updated

2022-11-29 (about 1 years ago)

Other

Published

Title

Published

2024-05-14

Title

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

Published

2014-08-01

Title

Wordpress <= 1.5.1.3 - Remote Code Execution

Published

2021-09-13

Title

EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

Published

2023-09-19

Title

File Manager Pro < 1.8.1 - Admin+ Remote Code Execution

Published

2014-08-01

Title

DZS Video Gallery - ajax.php source Parameter Reflected XSS