Plugin Security Vulnerability Notice

Hi We recently received this notice from our hosting provider regarding this plugin
———————————–
Your site is utilizing a vulnerable version of the Menu Item Visibility Control plugin.

At this time, we are not seeing that the plugin author has released an update or patch for this vulnerability. WP Engine has attempted to reach out to the plugin author to request the timing of a patch. We will report back to you if/when we receive a timeframe for when the author expects to release one.

WP Engine summary of the vulnerability: An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators.

Original 3rd-party’s report on the vulnerability: Please note that questions related to this article should be directed to the 3rd-party researcher and not WP Engine:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24942
https://wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418

We encourage you to assess the risk of continuing to use this plugin until a patch is released.`

———————————-

Will you be updating your plugin to address this security risk?

• This topic was modified 3 years, 4 months ago by Steven Stern (sterndata).
• This topic was modified 3 years, 4 months ago by tsaffeld.