Vulnerabilities > CVE-2024-35677 - Unspecified vulnerability in Stylemixthemes Mega Menu 2.3.12

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

stylemixthemes

critical

NVD

Published: 2024-06-10

Updated: 2024-11-21

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12.

Vulnerable Configurations

Part	Description	Count
Application	Stylemixthemes Stylemixthemes Mega Menu - Stylemixthemes Mega Menu 2.3.12	2

References

https://patchstack.com/database/vulnerability/stm-megamenu/wordpress-megamenu-plugin-2-3-12-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/stm-megamenu/wordpress-megamenu-plugin-2-3-12-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve