CVE-2024-4635 in Menu Icons Plugin
Summary
by MITRE • 05/16/2024
The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/13/2026
The Menu Icons by ThemeIsle plugin for WordPress presents a critical stored cross-site scripting vulnerability that affects versions up to and including 013.13. This vulnerability stems from inadequate input sanitization and output escaping mechanisms within the plugin's add_mime_type function. The flaw allows authenticated attackers who possess author-level permissions or higher to inject malicious web scripts into WordPress pages, creating a persistent security risk that can compromise user sessions and data integrity. The vulnerability operates as a stored XSS attack because the malicious code is permanently saved within the plugin's data storage and executed whenever affected pages are accessed by unsuspecting users. This type of vulnerability falls under CWE-79 which specifically addresses cross-site scripting flaws where insufficient sanitization of input data leads to execution of malicious scripts in the context of the victim's browser. The attack vector requires minimal privileges as authors and above can exploit this weakness, making it particularly dangerous in environments where multiple users have content creation capabilities.
The operational impact of this vulnerability extends beyond simple script execution as it can enable attackers to perform session hijacking, deface websites, steal sensitive user information, or redirect victims to malicious domains. When an authenticated user accesses a page containing the injected script, the malicious code executes in their browser context, potentially allowing attackers to access cookies, session tokens, or other sensitive data that the victim's browser has stored. The persistent nature of stored XSS means that once the malicious script is injected, it continues to affect all users who access the compromised pages until the injection is removed or the vulnerability is patched. This vulnerability directly maps to attack techniques described in the MITRE ATT&CK framework under T1566 for credential access and T1059 for command and control through malicious code execution. The risk is amplified by the fact that WordPress plugins often have broad access to site functionality and user data, making this a particularly attractive target for attackers seeking to establish persistent access or harvest user information.
Mitigation strategies for this vulnerability must address both immediate remediation and long-term security hardening measures. The primary recommendation is to upgrade to the latest version of the Menu Icons by ThemeIsle plugin where the XSS vulnerability has been patched and proper input sanitization has been implemented. Administrators should also implement strict input validation and output escaping mechanisms throughout the WordPress environment, particularly for user-generated content and plugin configurations. Regular security audits and vulnerability assessments should be conducted to identify similar weaknesses in other plugins or themes that may present comparable risks. Additional defensive measures include implementing content security policies that restrict script execution, monitoring user activity for suspicious behavior, and ensuring that users with author-level permissions or higher undergo proper security training to recognize and avoid potential attack vectors. Organizations should also consider implementing web application firewalls to detect and block malicious script injection attempts, while maintaining regular backups to ensure rapid recovery in case of successful exploitation. The vulnerability demonstrates the importance of proper input validation and output escaping practices as outlined in the OWASP Top Ten and other security standards, emphasizing that even minor oversights in code can create significant security risks for entire web applications.