CVE-2021-24942 – Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

https://notcve.org/view.php?id=CVE-2021-24942

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. El complemento Menu Item Visibility Control de WordPress hasta la versión 0.5 no sanitiza ni valida la opción "Lógica de visibilidad" para los elementos del menú de WordPress, lo que podría permitir a usuarios altamente privilegiados ejecutar código PHP arbitrario incluso en un entorno reforzado. The Menu Item Visibility Control plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 0.5 via the 'visibility logic' option. This allows administrator-level attackers to execute code on the server. • https://wpscan.com/vulnerability/eaa28832-74c1-4cd5-9b0f-02338e23b418 • CWE-94: Improper Control of Generation of Code ('Code Injection') •