CVE-2025-58798
Description
Cross-Site Request Forgery (CSRF) vulnerability in Bjorn Manintveld BCM Duplicate Menu bcm-duplicate-menu allows Cross Site Request Forgery.This issue affects BCM Duplicate Menu: from n/a through <= 1.1.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerability in BCM Duplicate Menu plugin for WordPress allows attackers to force authenticated users to perform unintended actions.
The BCM Duplicate Menu plugin for WordPress, versions up to and including 1.1.3, contains a Cross-Site Request Forgery (CSRF) vulnerability [1]. This flaw allows an attacker to trick a logged-in administrator into executing unwanted actions without their consent.
Exploitation requires user interaction, such as clicking a malicious link or visiting a crafted page [1]. No authentication is needed from the attacker, but the victim must have appropriate privileges (e.g., admin).
If successfully exploited, an attacker can perform actions as the victim, such as modifying menu settings, leading to potential site compromise or data manipulation [1].
The vulnerability is present in all versions up to and including 1.1.3. Users are advised to update the plugin to the latest patched version as soon as possible [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.1.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.