CVE-2024-12774: 
WordPress vulnerability analysis and mitigation

The Altra Side Menu WordPress plugin through version 2.0 contains a Cross-Site Request Forgery (CSRF) vulnerability. The vulnerability was discovered on January 6, 2025, and was assigned CVE-2024-12774. This security issue affects the plugin's menu deletion functionality, potentially impacting WordPress installations using the Altra Side Menu plugin (WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms in certain plugin functionalities. The CVSS v3.1 base score is 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. The vulnerability is classified under OWASP Top 10 category A2: Broken Authentication and Session Management and is identified as CWE-352 (WPScan).

If successfully exploited, this vulnerability allows attackers to trick authenticated administrators into deleting arbitrary menus from the WordPress installation without their knowledge or consent. This can lead to unauthorized menu deletions and potential disruption of website navigation structure (WPScan).

Currently, there is no known fix available for this vulnerability. Website administrators using the Altra Side Menu plugin should consider implementing additional security measures or temporarily disabling the plugin until a security patch is released (WPScan).