CVE-2024-12773 – The Altra Side Menu WordPress plugin through ve... (How to Fix)

📋 TL;DR

The Altra Side Menu WordPress plugin through version 2.0 contains a SQL injection vulnerability that allows authenticated administrators to execute arbitrary SQL commands. This affects WordPress sites using vulnerable versions of the plugin, potentially compromising the entire database.

💻 Affected Systems

Products:

Altra Side Menu WordPress Plugin

Versions: through 2.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires administrator-level access to exploit

📦 What is this software?

Altra Side Menu by Pulseextensions

View all CVEs affecting Altra Side Menu →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data manipulation, privilege escalation, and potential remote code execution via database functions.

🟠

Likely Case

Administrator account compromise leading to data exfiltration, site defacement, or installation of backdoors.

🟢

If Mitigated

Limited impact if administrators are trusted and proper access controls are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires administrator credentials; SQL injection is a well-understood attack vector

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 2.0

Vendor Advisory: https://wpscan.com/vulnerability/fab64105-599f-49a4-b01d-c873ff34b590/

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Altra Side Menu plugin
4. Click 'Update Now' if update available
5. If no update available, deactivate and delete plugin

🔧 Temporary Workarounds

Disable Plugin

all

Deactivate the vulnerable plugin to prevent exploitation

wp plugin deactivate altra-side-menu

Restrict Admin Access

all

Limit administrator accounts to trusted personnel only

🧯 If You Can't Patch

Implement web application firewall (WAF) with SQL injection rules
Monitor database logs for unusual SQL queries

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Altra Side Menu version number

Check Version:

wp plugin get altra-side-menu --field=version

Verify Fix Applied:

Verify plugin version is greater than 2.0

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in WordPress or database logs
Multiple failed login attempts to admin accounts

Network Indicators:

Unusual database connection patterns
SQL error messages in HTTP responses

SIEM Query:

SELECT * FROM logs WHERE message LIKE '%altra-side-menu%' OR message LIKE '%SQL syntax%'

📊 Metadata

CVE ID: CVE-2024-12773

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 0.1% exploit probability (27.2th percentile)

Published: January 27, 2025

Last Updated: May 7, 2025

🔗 References

https://wpscan.com/vulnerability/fab64105-599f-49a4-b01d-c873ff34b590/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-12773, you might also want to check these: