Description
The WordPress plugin Admin Menu Tree Page View is prone to multiple vulnerabilities, including cross-site request forgery (CSRF) and privilege escalation. Exploiting these issues could allow an attacker to perform certain administrative actions and gain unauthorized access to the affected application, or to create arbitrary posts. Version 2.6.9 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 2.7 or the latest version.
References
http://pvagenas.com/vulnerabilities/admin-menu-tree-page-view-csrf-privilege-escalation/
https://pvagenas.com/vulnerabilities/admin-menu-tree-page-view-csrf-privilege-escalation-2/
https://www.exploit-db.com/exploits/43486/
https://plugins.svn.wordpress.org/admin-menu-tree-page-view/trunk/readme.txt