CVE-2021-24161

Summary

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site.

Affected Software

VendorProductVersion RangeStatus
ExpressTechResponsive Menu – Create Mobile-Friendly Menu4.0.4 < 4.0.4affected
ExpressTechResponsive Menu Pro4.0.4 < 4.0.4affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References