CVE-2021-24161
N/A
N/A
Summary
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ExpressTech | Responsive Menu – Create Mobile-Friendly Menu | 4.0.4 < 4.0.4 | affected |
| ExpressTech | Responsive Menu Pro | 4.0.4 < 4.0.4 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/
- https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933
References
- https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/
- https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.