{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-24942","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2021-01-14T15:03:46.814Z","datePublished":"2022-12-26T12:28:21.456Z","dateUpdated":"2025-04-14T13:01:26.113Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-01-10T09:11:11.477Z"},"title":"Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution","problemTypes":[{"descriptions":[{"description":"CWE-94 Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Menu Item Visibility Control","collectionURL":"https://wordpress.org/plugins","versions":[{"status":"affected","versionType":"custom","version":"0","lessThanOrEqual":"0.5"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the \"Visibility logic\" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment."}],"references":[{"url":"https://wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"bl4derunner","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T19:49:13.528Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.2,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"HIGH","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-14T13:01:01.674187Z","id":"CVE-2021-24942","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-14T13:01:26.113Z"}}]}}