Unrated severityNVD Advisory· Published Dec 26, 2022· Updated Apr 14, 2025

Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

CVE-2021-24942

Description

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.

Affected products

WordPress/Menu Item Visibility Controlinferred
Range: <= 0.5
Package: https://wordpress.org/plugins/menu-item-visibility-control

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000