Advance Nav Menu Manager
Monthly
Authorization bypass in the Advance Nav Menu Manager WordPress plugin (all versions through 1.3) permits any authenticated subscriber-level user to manipulate site navigation menus without authorization. The plugin invokes wp_insert_post() for nav_menu_item operations - duplicate, copy, move, and publish - without enforcing capability checks, allowing low-privilege users to alter navigation structure at will. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; however, the low barrier to exploitation (any registered subscriber account) makes it a meaningful risk on sites with open or compromised user registration.
Authorization bypass in the Advance Nav Menu Manager WordPress plugin (all versions through 1.3) permits any authenticated subscriber-level user to manipulate site navigation menus without authorization. The plugin invokes wp_insert_post() for nav_menu_item operations - duplicate, copy, move, and publish - without enforcing capability checks, allowing low-privilege users to alter navigation structure at will. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; however, the low barrier to exploitation (any registered subscriber account) makes it a meaningful risk on sites with open or compromised user registration.