Skip to main content

Advance Nav Menu Manager EUVDEUVD-2026-38685

| CVE-2026-8688 MEDIUM
Missing Authorization (CWE-862)
2026-06-24 Wordfence GHSA-239x-hvpx-225m
4.3
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
4.3 MEDIUM

Network-accessible WordPress plugin requires subscriber-level authentication (PR:L); impact is integrity-only and limited to nav menu items, with no confidentiality or availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 24, 2026 - 07:01 vuln.today
CVE Published
Jun 24, 2026 - 05:33 cve.org
MEDIUM 4.3

DescriptionCVE.org

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate, copy, move, or publish nav_menu_item posts via wp_insert_post(), modifying the site's navigation menus without authorization.

AnalysisAI

Authorization bypass in the Advance Nav Menu Manager WordPress plugin (all versions through 1.3) permits any authenticated subscriber-level user to manipulate site navigation menus without authorization. The plugin invokes wp_insert_post() for nav_menu_item operations - duplicate, copy, move, and publish - without enforcing capability checks, allowing low-privilege users to alter navigation structure at will. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain or register subscriber-level WordPress account
Delivery
Authenticate to target WordPress site
Exploit
Send crafted POST request to plugin-managed endpoint
Execution
Plugin invokes wp_insert_post() without capability check
Persist
Unauthorized nav_menu_item post action succeeds
Impact
Navigation menus modified without administrator knowledge

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid WordPress user account at subscriber level or above - the lowest default authenticated role in WordPress, obtainable via standard user registration if open registration is enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 4.3 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N accurately reflects the limited blast radius: network exploitable, no complexity barriers, requires only low-privilege authentication, with integrity-only impact constrained to navigation menu items. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers or leverages an existing subscriber-level WordPress account on the target site, then sends authenticated HTTP requests to the plugin's endpoint that triggers the unguarded wp_insert_post() calls in class-advancenavmenumanager.php. Because no capability check intercepts the request, the attacker can duplicate, move, or publish nav_menu_item posts - for example, replacing legitimate navigation links with attacker-controlled URLs to facilitate phishing or SEO manipulation without alerting administrators.
Remediation No exact patched version number is specified in the available data - patch availability should be independently verified via the Wordfence advisory at https://www.wordfence.com/threat-intel/vulnerabilities/id/e234a79d-5d46-44db-833c-51e202dc49bf and the WordPress plugin repository. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38685 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy