What is the severity of CVE-2024-13466?

CVE-2024-13466 is classified as a medium severity vulnerability due to its potential impact on the WordPress Automatically Hierarchic Categories in Menu plugin.

How do I fix CVE-2024-13466?

To fix CVE-2024-13466, update the Automatically Hierarchic Categories in Menu plugin to version 2.0.8 or later, which includes the necessary security patches.

What impact does CVE-2024-13466 have on my website?

CVE-2024-13466 allows attackers to execute stored cross-site scripting attacks via the plugin's shortcode, potentially compromising user data or site integrity.

Which versions of the Automatically Hierarchic Categories in Menu plugin are affected by CVE-2024-13466?

All versions of the Automatically Hierarchic Categories in Menu plugin up to and including version 2.0.7 are affected by CVE-2024-13466.

Is my WordPress site vulnerable if I use the Automatically Hierarchic Categories in Menu plugin?

Yes, if you are using the Automatically Hierarchic Categories in Menu plugin version 2.0.7 or earlier, your WordPress site is vulnerable to CVE-2024-13466.

Vulnerability/
CVE-2024-13466

medium

6.4

CWE

30/1/2025

18/2/2025

CVE-2024-13466: Automatically Hierarchic Categories in Menu <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

First published: Thu Jan 30 2025(Updated: )

The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Credit: security@wordfence.com

Affected Software	Affected Version	How to fix
WordPress Automatically Hierarchic Categories in Menu	<=2.0.7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-13466?
CVE-2024-13466 is classified as a medium severity vulnerability due to its potential impact on the WordPress Automatically Hierarchic Categories in Menu plugin.
How do I fix CVE-2024-13466?
To fix CVE-2024-13466, update the Automatically Hierarchic Categories in Menu plugin to version 2.0.8 or later, which includes the necessary security patches.
What impact does CVE-2024-13466 have on my website?
CVE-2024-13466 allows attackers to execute stored cross-site scripting attacks via the plugin's shortcode, potentially compromising user data or site integrity.
Which versions of the Automatically Hierarchic Categories in Menu plugin are affected by CVE-2024-13466?
All versions of the Automatically Hierarchic Categories in Menu plugin up to and including version 2.0.7 are affected by CVE-2024-13466.
Is my WordPress site vulnerable if I use the Automatically Hierarchic Categories in Menu plugin?
Yes, if you are using the Automatically Hierarchic Categories in Menu plugin version 2.0.7 or earlier, your WordPress site is vulnerable to CVE-2024-13466.

collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/weakness
agent/last-modified-date
agent/references
agent/severity
agent/title
agent/author
agent/source
agent/description
agent/first-publish-date
agent/type
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
vendor/wordpress
canonical/wordpress automatically hierarchic categories in menu