CVE-2024-3593

7.2 HIGH

📋 TL;DR

The UberMenu WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 3.8.3. An attacker who holds no account on the site can cause the plugin's menu item settings to be deleted or its settings to be reset by luring a logged-in administrator to a crafted page or link; the forged request is executed with the administrator's privileges. Every WordPress site running an affected UberMenu version is exposed.

💻 Affected Systems

Products:
  • UberMenu WordPress Mega Menu Plugin
Versions: All versions up to and including 3.8.3
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with UberMenu plugin active. The vulnerability exists in default configurations.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete loss of menu configuration requiring manual restoration, potential site navigation disruption, and administrative overhead to reconfigure menus.

🟠

Likely Case

Temporary disruption of site navigation menus until settings are restored, requiring administrator intervention to fix.

🟢

If Mitigated

No impact once UberMenu 3.8.4 or later is installed, or while the plugin is deactivated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires social engineering: the attacker needs no account on the site, but an administrator with an active WordPress session must be lured into visiting an attacker-controlled page or link. The forged request is then sent by the administrator's own browser, which is why no authentication is needed on the attacker's side.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.8.4 or later

Vendor Page: https://codecanyon.net/item/ubermenu-wordpress-mega-menu-plugin/154703 (CodeCanyon product listing; check its changelog for the 3.8.4 entry, as no separate vendor advisory is linked here)

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find UberMenu and click 'Update Now' if an update is offered.
4. If no update appears, download version 3.8.4 or later from CodeCanyon and update the plugin manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

Applies to: all affected versions

Deactivate UberMenu until it is patched so the vulnerable settings handlers are not loaded. Site navigation will change while the plugin is off, so check the front end afterwards.

wp plugin deactivate ubermenu

🧯 If You Can't Patch

  • Restrict access to /wp-admin/ to trusted networks (VPN or IP allowlist). This narrows the window rather than closing it: a forged request still succeeds if the administrator is browsing from an allowed network while logged in.
  • At the WAF or reverse proxy, block or alert on requests to /wp-admin/admin-ajax.php whose action parameter is ubermenu_delete_all_item_settings or ubermenu_reset_settings and whose Origin or Referer header is absent or not your own site. That is the same origin check the plugin's patch enforces, applied at the edge.
  • Ask administrators to log out of WordPress when they are not actively administering the site; a CSRF request only works against an active session.
  • Take a database backup so the menu configuration can be restored quickly if it is wiped.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > UberMenu version. If version is 3.8.3 or lower, you are vulnerable.

Check Version:

wp plugin get ubermenu --field=version

Verify Fix Applied:

After updating, verify UberMenu version shows 3.8.4 or higher in WordPress plugins list.
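The version check above is easy to get wrong with a plain string or lexical comparison (3.8.10 sorts below 3.8.4 as text). The following shell script, an added example that is not part of this advisory or of the UberMenu project, compares the reported version field by field and wraps the wp-cli command from this page; wp-cli is assumed to be installed and run from the WordPress root (or given --path).

```shell
# Added example (not from the advisory or the UberMenu project): decide whether
# a reported UberMenu version is in the affected range (<= 3.8.3) by comparing
# major.minor.patch numerically. A lexical comparison would rank 3.8.10 below
# 3.8.4 and misreport a patched site as vulnerable.

FIXED_MAJOR=3; FIXED_MINOR=8; FIXED_PATCH=4   # first patched release per the advisory

# ubermenu_is_vulnerable VERSION -> exit status 0 if VERSION < 3.8.4, else 1
ubermenu_is_vulnerable() {
  old_ifs=$IFS; IFS=.
  set -- $1            # split "3.8.3" into 3 8 3 (word splitting on IFS=.)
  IFS=$old_ifs
  # Keep only the leading digits of each field so "3.8.4-beta" still parses;
  # missing fields count as 0.
  major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
  major=${major:-0};   minor=${minor:-0};   patch=${patch:-0}
  if [ "$major" -ne "$FIXED_MAJOR" ]; then [ "$major" -lt "$FIXED_MAJOR" ]; return; fi
  if [ "$minor" -ne "$FIXED_MINOR" ]; then [ "$minor" -lt "$FIXED_MINOR" ]; return; fi
  [ "$patch" -lt "$FIXED_PATCH" ]
}

# Live check: read the installed version with wp-cli (assumed available; run
# from the WordPress root or pass --path=...). Exit 1 = vulnerable,
# 2 = version could not be determined.
check_site() {
  v=$(wp plugin get ubermenu --field=version "$@" 2>/dev/null) || {
    echo "could not read UberMenu version (plugin missing or wp-cli failed)" >&2
    return 2
  }
  if ubermenu_is_vulnerable "$v"; then
    echo "VULNERABLE: UberMenu $v (update to 3.8.4 or later)"; return 1
  fi
  echo "OK: UberMenu $v"
}

# Run the live check only when invoked as:
#   sh ubermenu-check.sh run [--path=/var/www/html]
case "${1:-}" in run) shift; check_site "$@" ;; esac
```

Because the script only acts on the literal `run` argument, it can also be sourced into a monitoring job that calls `ubermenu_is_vulnerable` on versions collected from many sites.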

📡 Detection & Monitoring

Log Indicators:

  • If an audit-log plugin is installed: UberMenu settings deleted or reset at a time no administrator deliberately did so
  • Requests to admin-ajax.php whose action is ubermenu_delete_all_item_settings or ubermenu_reset_settings. The action value appears in the web server access log only when it is sent in the query string; for POST bodies you need WAF or application-level logging

Network Indicators:

  • Requests to /wp-admin/admin-ajax.php carrying one of the two UberMenu action values whose Referer or Origin header is missing or points to a site other than your own; a genuine reset is triggered from within wp-admin and carries the site's own Referer

SIEM Query:

source="wordpress" AND (action="ubermenu_delete_all_item_settings" OR action="ubermenu_reset_settings")

The query assumes the request's action parameter has already been parsed into a field named action. If your pipeline only indexes raw access-log lines, search the request URI for the two action values instead, and prioritise hits whose Referer or Origin is not your own site.
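The same origin check, run over raw access-log lines rather than a SIEM field, as an added example that is not part of this advisory or of the UberMenu project. It assumes the Apache/nginx "combined" log format (request line in the first quoted field, Referer in the second); the log lines it runs on are constructed for the example, not real traffic.

```shell
# Added example (not from the advisory or the UberMenu project): scan a
# "combined" format access log for hits on the two UberMenu AJAX actions that
# did not originate from the site itself. A legitimate reset is clicked inside
# wp-admin, so its Referer is the site; a CSRF request is launched from an
# attacker-controlled page, so the Referer is foreign or absent. This only
# sees the action when it is in the query string; POST bodies are not logged.
#
# Usage: ubermenu_csrf_hits SITE_HOST < access.log
ubermenu_csrf_hits() {
  awk -v site="$1" '
    /admin-ajax\.php/ && /action=ubermenu_(delete_all_item_settings|reset_settings)/ {
      # Split on double quotes: q[2] is the request line, q[4] the Referer.
      split($0, q, "\"")
      r = q[4]
      sub(/^https?:\/\//, "", r)          # drop the scheme
      same_site = (r == site || index(r, site "/") == 1)
      if (!same_site) print $0
    }'
}

# Constructed sample log (not real traffic). Lines 2 and 4 should be flagged:
# one has a foreign Referer, one has none at all. Line 1 is a legitimate reset
# from inside wp-admin and line 3 is an unrelated AJAX action.
sample_log() {
  cat <<'EOF'
203.0.113.10 - - [10/Apr/2024:09:12:01 +0000] "GET /wp-admin/admin-ajax.php?action=ubermenu_reset_settings HTTP/1.1" 200 512 "https://example.com/wp-admin/admin.php?page=ubermenu" "Mozilla/5.0"
203.0.113.10 - - [10/Apr/2024:09:13:44 +0000] "GET /wp-admin/admin-ajax.php?action=ubermenu_delete_all_item_settings HTTP/1.1" 200 512 "https://attacker.example/lure.html" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2024:09:14:02 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "https://example.com/wp-admin/" "Mozilla/5.0"
203.0.113.10 - - [10/Apr/2024:09:15:30 +0000] "GET /wp-admin/admin-ajax.php?action=ubermenu_reset_settings HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

# Example run against the constructed sample:
#   sample_log | ubermenu_csrf_hits example.com
```

The host comparison deliberately anchors on the start of the host part and requires a following slash, so a Referer such as https://example.com.attacker.example/ or a foreign URL that merely contains your hostname in its path is still flagged. An absent Referer is treated as suspicious because browsers normally send one for same-site navigation inside wp-admin.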
