CVE-2024-10866
📋 TL;DR
The Export Import Menus WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to export WordPress menu data and settings. This affects all WordPress sites using plugin versions 1.9.1 and earlier. The vulnerability stems from missing capability checks in the export function.
💻 Affected Systems
- WordPress Export Import Menus plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could export sensitive menu configurations, including custom links, user roles, and potentially other site structure data that could aid in further attacks.
Likely Case
Unauthenticated attackers export menu data to understand site structure and identify potential attack vectors for privilege escalation or other vulnerabilities.
If Mitigated
Limited exposure of non-sensitive menu configuration data with no direct code execution or data modification.
🎯 Exploit Status
Simple HTTP request to vulnerable endpoint without authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.9.2
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Export Import Menus' plugin. 4. Click 'Update Now' if available, or download version 1.9.2+ from WordPress repository. 5. Activate updated plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Export Import Menus plugin until patched
wp plugin deactivate export-import-menus
Web Application Firewall rule
allBlock access to the vulnerable endpoint
Block HTTP requests to */wp-admin/admin-ajax.php* with action parameter containing 'dsp_export_import_menus'
🧯 If You Can't Patch
- Disable the Export Import Menus plugin immediately
- Implement network-level restrictions to block unauthenticated access to /wp-admin/admin-ajax.php
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Export Import Menus version ≤1.9.1Check Version:
wp plugin get export-import-menus --field=versionVerify Fix Applied:
Confirm plugin version is 1.9.2 or higher in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with action=dsp_export_import_menus from unauthenticated IPs
- Multiple export requests from single IP in short timeframe
Network Indicators:
- HTTP POST requests to WordPress admin-ajax.php endpoint with export parameters from external IPs
SIEM Query:
source="wordpress_logs" AND uri_path="/wp-admin/admin-ajax.php" AND http_method="POST" AND (form_data.action="dsp_export_import_menus" OR url_query.action="dsp_export_import_menus")