CVE-2024-12774

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 27, 2025

Summary

CVE-2024-12774 is a vulnerability affecting the Altra Side Menu plugin for WordPress. This issue allows attackers to execute arbitrary menu deletions via Cross-Site Request Forgery (CSRF) attacks. The plugin, up to version 2.0, fails to implement CSRF checks in certain areas, making it an easy target for unauthorized actions by malicious actors. Successful exploitation could potentially lead to significant site modifications or even complete data loss for affected WordPress installations. Users are advised to update the plugin to the latest version or consider disabling it as a temporary measure until a permanent solution is in place.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1ueiZZ
https://www.cve.org/CVERecord?id=CVE-2024-12774
https://nvd.nist.gov/vuln/detail/CVE-2024-12774

Back to Vulnerability Database

CVE-2024-12774

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations