Conditional Menus WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Conditional Menus plugin for WordPress, affecting all versions through 1.2.6. The vulnerability arises from a lack of nonce validation in the 'save_options' function, allowing unauthenticated attackers to alter conditional menu assignments by sending a forged request, provided they can deceive a site administrator into clicking a link.
Impact
Exploitation of this vulnerability allows for unauthorized modification of conditional menu assignments, potentially leading to incorrect menu displays on the site.
Reproduction
To reproduce this vulnerability, an attacker must trick a WordPress site administrator into clicking a link that initiates a request to the 'save_options' function without the required nonce. This can be done by sending an email or message with a link that, when clicked, sends a request to the site that modifies menu assignments.
Remediation
Users are advised to update the Conditional Menus plugin to version 1.2.7 or later.
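For readers who maintain their own plugins, the following is an added illustration of the defect class this advisory describes and of the WordPress-idiomatic fix. It is not the Conditional Menus plugin's code (the advisory does not show the plugin's internals); the function names, the `cm_example_*` action and nonce names, and the option key are assumptions chosen for the example.

```php
<?php
// Added illustration, not the Conditional Menus plugin's own code.
// Shows a generic WordPress options handler first without and then with
// nonce validation. All cm_example_* identifiers are assumed names.

// --- Vulnerable pattern: no nonce check, no capability check ---------------
function cm_example_save_options_vulnerable() {
    // Any request carrying these POST fields is honoured, including one a
    // browser sends from a third-party page while an administrator is logged in.
    $menu_id  = absint( $_POST['menu_id'] ?? 0 );
    $location = sanitize_key( $_POST['location'] ?? '' );
    update_option( 'cm_example_assignments', array( $location => $menu_id ) );
}

// --- Hardened pattern ------------------------------------------------------
// 1. The settings form embeds a nonce bound to one specific action.
function cm_example_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'cm_example_save_options', 'cm_example_nonce' );
    echo '<input type="hidden" name="action" value="cm_example_save_options">';
    echo '<input type="text" name="location" value="primary">';
    echo '<input type="number" name="menu_id" value="0">';
    submit_button( 'Save' );
    echo '</form>';
}

// 2. The handler verifies the nonce and the caller's capability before writing.
function cm_example_save_options_hardened() {
    // Fails closed: wp_die() when the nonce is absent, expired, or was issued
    // for another action or user, so a forged cross-site request is rejected.
    check_admin_referer( 'cm_example_save_options', 'cm_example_nonce' );

    // A nonce proves intent, not authority: still require the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change menu assignments.' ), 403 );
    }

    $menu_id  = absint( wp_unslash( $_POST['menu_id'] ?? 0 ) );
    $location = sanitize_key( wp_unslash( $_POST['location'] ?? '' ) );
    update_option( 'cm_example_assignments', array( $location => $menu_id ) );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_cm_example_save_options', 'cm_example_save_options_hardened' );
```

The two checks are deliberately separate: `check_admin_referer()` establishes that the request originated from a form this site rendered for this user, while `current_user_can()` establishes that the user is permitted to make the change. A handler that has only the second check is still vulnerable to the forged-request scenario this advisory describes, because the browser attaches the administrator's session cookie to the forged request.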
