CVE-2022-25602
- EPSS 0.82%
- Published 18.03.2022 18:15:16
- Last modified 21.11.2024 06:52:25
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7).
CVE-2021-24160
- EPSS 62.95%
- Published 05.04.2021 19:15:15
- Last modified 21.11.2024 05:52:29
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of th...
CVE-2021-24161
- EPSS 0.75%
- Published 05.04.2021 19:15:15
- Last modified 21.11.2024 05:52:29
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote ...
CVE-2021-24162
- EPSS 0.12%
- Published 05.04.2021 19:15:15
- Last modified 21.11.2024 05:52:29
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an a...
CVE-2017-18513
- EPSS 0.09%
- Published 14.08.2019 16:15:12
- Last modified 21.11.2024 03:20:17
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.