[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbnlLLaBXDt0rQaukgBdYTVpzrhx11-RDVLjpEKphTxM":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-04ad816b-0ac0-44b5-928a-5bb3e36523b2-advance-menu-manager","advance-menu-manager-missing-authorization","Advance Menu Manager \u003C= 3.0.6 - Missing Authorization","The Advance Menu Manager plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the dsamm_action_ajax_for_delete_menu(), dsamm_amm_duplicate_menu(), and dsamm_action_ajax_for_create_menu() functions in all versions up to, and including, 3.0.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete, create, and duplicate menus. Please note version 3.0.7 did not introduce capability checks, however, it introduced nonce checks that prevent the missing authorization issue from being exploitable.","advance-menu-manager",null,"\u003C=3.0.6","3.0.7","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2023-11-02 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F04ad816b-0ac0-44b5-928a-5bb3e36523b2?source=api-prod",82]