CVE-2026-1032
CSRF Vulnerability in WordPress Conditional Menus Plugin Allows Admin Control
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| conditional_menus | conditional_menus | up to and including 1.2.6 |
| themify | conditional_menus | up to and including 1.2.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Conditional Menus plugin for WordPress, up to version 1.2.6, is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This vulnerability exists because the plugin's 'save_options' function does not validate a security nonce, which is a token used to verify that a request is legitimate.
As a result, an attacker who tricks a site administrator into clicking a malicious link can cause unauthorized changes to the conditional menu assignments on the site without the administrator's explicit consent.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in the Conditional Menus plugin allows unauthenticated attackers to perform Cross-Site Request Forgery (CSRF) attacks that can modify conditional menu assignments if a site administrator is tricked into clicking a malicious link.
While the vulnerability impacts the integrity of the website's menu configuration, there is no direct information provided about the exposure or compromise of personal data or sensitive information.
Therefore, based on the available information, this vulnerability does not explicitly indicate a direct impact on compliance with data protection regulations such as GDPR or HIPAA, which primarily focus on the protection of personal and health information.
However, unauthorized changes to website content or configuration could indirectly affect compliance if such changes lead to misinformation, unauthorized data exposure, or other security issues not detailed here.
How can this vulnerability impact me?
This vulnerability allows an unauthenticated attacker to modify the conditional menu assignments on a WordPress site by exploiting the lack of nonce validation. If an administrator is tricked into clicking a malicious link, the attacker can change which menus appear under certain conditions.
While this does not directly compromise data confidentiality or availability, it can lead to unauthorized changes in site navigation, potentially confusing users or redirecting them to unintended content.
The CVSS score of 4.3 (medium severity) reflects that the attack requires user interaction (an admin clicking a link) but does not require privileges or result in data disclosure.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a missing nonce validation in the 'save_options' function of the Conditional Menus WordPress plugin up to version 1.2.6, allowing Cross-Site Request Forgery (CSRF) attacks. Detection would involve checking if your WordPress site is running Conditional Menus plugin version 1.2.6 or earlier.
To detect if the vulnerable plugin version is installed, you can check the plugin version via WordPress admin or by inspecting the plugin files on the server.
- On the server, read the `Version:` header of the plugin's main PHP file, for example: `grep -r 'Version:' wp-content/plugins/conditional-menus/ --include='*.php'` (a plugin's `readme.txt` carries a `Stable tag:` line rather than a `Version:` header, so grep the PHP files instead)
- Alternatively, check the plugin version via WP-CLI: `wp plugin get conditional-menus --field=version`
Since the vulnerability is a CSRF issue triggered by forged POST requests to the 'save_options' function, monitoring HTTP POST requests to the plugin's admin AJAX endpoints or admin pages for suspicious or unexpected requests could help detect exploitation attempts.
However, no specific detection commands or signatures are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Conditional Menus plugin to version 1.2.7 or later, which includes a security fix adding nonce verification to prevent CSRF attacks.
The update adds nonce validation to the `save_options()` method using WordPress's `wp_verify_nonce()` function, so that only requests carrying a valid nonce issued to the current user can modify menu assignments.
If immediate updating is not possible, consider restricting access to the WordPress admin area to trusted users only, and avoid clicking on suspicious links that could trigger forged requests.
Additionally, monitor admin activity logs for unexpected changes to menu assignments.
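The following is an added illustration of the fix pattern described above, written for this page; it is not the Conditional Menus plugin's own code. The function names (`cm_example_*`), the option key and the nonce action string are assumed, and the "before" handler only reproduces the missing-nonce pattern the advisory describes. It uses the real WordPress functions `wp_nonce_field()`, `wp_verify_nonce()`, `current_user_can()`, `update_option()` and `wp_die()`.

```php
<?php
// Added example, not the plugin's own code. All cm_example_* names, the
// option key 'cm_example_assignments' and the nonce action string are assumed.

// BEFORE (the CWE-352 pattern): the handler acts on any POST that carries the
// field. A logged-in administrator's browser can be induced by another site to
// send such a POST, and WordPress will attach the admin's session cookie.
function cm_example_save_options_vulnerable() {
    if ( isset( $_POST['cm_example_assignments'] ) ) {
        update_option(
            'cm_example_assignments',
            sanitize_text_field( wp_unslash( $_POST['cm_example_assignments'] ) )
        );
    }
}

// AFTER: a capability check confirms the user may change options, and the
// nonce check confirms the request originated from a form this site rendered
// for this user. A cross-site request cannot obtain the nonce value.
function cm_example_save_options_fixed() {
    if ( ! isset( $_POST['cm_example_assignments'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    $nonce = isset( $_POST['cm_example_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['cm_example_nonce'] ) )
        : '';
    // wp_verify_nonce() returns 1 or 2 for a valid nonce and false otherwise.
    // check_admin_referer( 'cm_example_save_options', 'cm_example_nonce' )
    // is the one-call equivalent that dies on failure.
    if ( ! wp_verify_nonce( $nonce, 'cm_example_save_options' ) ) {
        wp_die( 'Security check failed.', 403 );
    }
    update_option(
        'cm_example_assignments',
        sanitize_text_field( wp_unslash( $_POST['cm_example_assignments'] ) )
    );
}

// The settings form must emit the matching nonce field, using the same
// action string the handler verifies against.
function cm_example_render_form() {
    echo '<form method="post">';
    wp_nonce_field( 'cm_example_save_options', 'cm_example_nonce' );
    echo '<input type="text" name="cm_example_assignments" value="'
        . esc_attr( get_option( 'cm_example_assignments', '' ) ) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

// Wire the hardened handler into the admin request cycle (assumed hook choice).
add_action( 'admin_init', 'cm_example_save_options_fixed' );
```

The nonce is bound to the logged-in user and to the action string, and expires after the WordPress nonce lifetime, so a forged cross-site POST that omits it or carries a stale one is rejected before any option is written. The capability check is kept alongside the nonce check because a nonce proves where the request came from, not that the user is allowed to perform the action.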