Description
WordPress Plugin Admin Menu Tree Page View is prone to multiple vulnerabilities, including cross-site request forgery and privilege escalation vulnerabilities. Exploiting these issues could allow an attacker to perform certain administrative actions and gain unauthorized access to the affected application, or to create arbitrary posts. WordPress Plugin Admin Menu Tree Page View version 2.6.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7 or latest
References
http://pvagenas.com/vulnerabilities/admin-menu-tree-page-view-csrf-privilege-escalation/
https://pvagenas.com/vulnerabilities/admin-menu-tree-page-view-csrf-privilege-escalation-2/
https://www.exploit-db.com/exploits/43486/
https://plugins.svn.wordpress.org/admin-menu-tree-page-view/trunk/readme.txt
Related Vulnerabilities
MediaWiki Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-40598)
Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141)
MediaWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-1055)
WordPress Plugin VK Gallery TimThumb Arbitrary File Upload (1.1.0)