๐Ÿ” CVE Alert

CVE-2026-8688

MEDIUM 4.3

Advance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX Action

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate, copy, move, or publish nav_menu_item posts via wp_insert_post(), modifying the site's navigation menus without authorization.

CWE CWE-862
Vendor krishaweb
Product advance nav menu manager
Published Jun 24, 2026
Stay Ahead of the Next One

Get instant alerts for krishaweb advance nav menu manager

Be the first to know when new medium vulnerabilities affecting krishaweb advance nav menu manager are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

krishaweb / Advance Nav Menu Manager
0 โ‰ค 1.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/e234a79d-5d46-44db-833c-51e202dc49bf?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.3/include/class-advancenavmenumanager.php#L236 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.3/include/class-advancenavmenumanager.php#L231 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.3/include/option.php#L107 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.1/include/class-advancenavmenumanager.php#L236 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.1/include/class-advancenavmenumanager.php#L231 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/advance-nav-menu-manager/tags/1.1/include/option.php#L107

Credits

Hardik Patel