CVE-2024-10866: 
WordPress vulnerability analysis and mitigation

The Export Import Menus plugin for WordPress contains a vulnerability tracked as CVE-2024-10866, which was discovered and disclosed on January 6, 2025. The vulnerability affects all versions up to and including 1.9.1 of the plugin. This security issue stems from a missing capability check in the dspexportimport_menus() function (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 Base Score of 5.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility, low attack complexity, no privileges required, no user interaction needed, unchanged scope, low confidentiality impact, and no impact on integrity or availability (Wordfence).

The vulnerability allows unauthenticated attackers to export menu data and settings from affected WordPress installations. This unauthorized access to data could potentially expose sensitive menu configurations and structure information (NVD).

Website administrators running the Export Import Menus plugin should update to a version newer than 1.9.1 if available. Until an update is applied, considering disabling the plugin if it's not critical to operations (NVD).