CVE-2024-35677
📋 TL;DR
This vulnerability allows unauthenticated attackers to perform path traversal attacks in the StylemixThemes MegaMenu WordPress plugin, leading to local file inclusion. Attackers can read sensitive files on the server, potentially exposing configuration files, credentials, or other sensitive data. All WordPress sites using vulnerable versions of the MegaMenu plugin are affected.
💻 Affected Systems
- StylemixThemes MegaMenu WordPress Plugin
📦 What is this software?
Mega Menu by Stylemixthemes
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive configuration files (like wp-config.php containing database credentials), followed by database access, privilege escalation, or remote code execution.
Likely Case
Unauthenticated attackers reading sensitive server files, potentially exposing database credentials, API keys, or other configuration secrets that could lead to further compromise.
If Mitigated
Limited impact if proper file permissions restrict access to sensitive files and web server configurations prevent directory traversal.
🎯 Exploit Status
Public proof-of-concept exists, and the vulnerability is unauthenticated with simple exploitation, making weaponization highly likely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.13 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/stm-megamenu/wordpress-megamenu-plugin-2-3-12-unauthenticated-local-file-inclusion-vulnerability
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'MegaMenu' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 2.3.13+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable MegaMenu Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate stm-megamenu
Web Application Firewall Rule
Block path traversal attempts in web requests
Add WAF rule to block requests containing '../' or similar path traversal patterns
🧯 If You Can't Patch
- Implement strict file permissions on sensitive configuration files (chmod 600 for wp-config.php)
- Deploy web application firewall with path traversal detection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for MegaMenu version. If version is 2.3.12 or lower, you are vulnerable.
Check Version:
wp plugin get stm-megamenu --field=version
Verify Fix Applied:
Verify plugin version shows 2.3.13 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' patterns to MegaMenu endpoints
- Unusual file access attempts in web server logs
- Multiple 200 OK responses for sensitive file requests
Network Indicators:
- HTTP requests with path traversal payloads to /wp-content/plugins/stm-megamenu/ endpoints
SIEM Query:
source="web_server_logs" AND (uri="*../*" OR uri="*/stm-megamenu/*") AND (response="200" OR response="404")
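The log indicators above can be checked offline against access logs. The following is an added example (not part of the advisory or the plugin): it parses combined-format log lines, percent-decodes the request target so encoded traversal sequences are not missed, flags requests under the stm-megamenu plugin path that contain `../`, and marks 200 responses as likely successful reads. The sample log, the endpoint name and the query parameter are constructed placeholders, not the plugin's real ones.

```python
import re
from urllib.parse import unquote

# Path prefix of the plugin named in the advisory; requests under it are in scope.
MEGAMENU_PREFIX = "/wp-content/plugins/stm-megamenu/"
# Apache/nginx combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")  # "../" or "..\" in the decoded target


def normalize_target(target: str) -> str:
    """Percent-decode until stable (catches %2e%2e%2f and double-encoded %252e), then lowercase."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()


def find_traversal_attempts(log_text: str, prefix: str = MEGAMENU_PREFIX) -> list:
    """One finding per request that hits the plugin path with a traversal sequence.
    A 200 response is flagged as a likely successful read (the '200 OK' indicator above)."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-HTTP line
        decoded = normalize_target(m["target"])
        if decoded.startswith(prefix) and TRAVERSAL_RE.search(decoded):
            findings.append({
                "ip": m["ip"],
                "raw_target": m["target"],
                "decoded_target": decoded,
                "status": int(m["status"]),
                "likely_success": m["status"] == "200",
            })
    return findings


# Constructed sample log: endpoint and parameter names are placeholders, not the
# plugin's real ones. Line 1 is normal asset traffic; lines 2-4 are traversal attempts.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-content/plugins/stm-megamenu/assets/css/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-content/plugins/stm-megamenu/example.php?f=../../../../wp-config.php HTTP/1.1" 200 2211 "-" "curl/8.0"
203.0.113.7 - - [10/Jun/2024:12:00:03 +0000] "GET /wp-content/plugins/stm-megamenu/example.php?f=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 404 312 "-" "curl/8.0"
203.0.113.9 - - [10/Jun/2024:12:00:04 +0000] "GET /wp-content/plugins/STM-MegaMenu/example.php?f=%252e%252e%252fwp-config.php HTTP/1.1" 403 199 "-" "python-requests/2.31"
"""
```

Pass `prefix="/wp-content/plugins/"` to widen the check to every plugin, which is closer to the SIEM query's `*../*` clause.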
🔗 References
- https://patchstack.com/database/vulnerability/stm-megamenu/wordpress-megamenu-plugin-2-3-12-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve