Vulnerability Description
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Expresstech | Responsive Menu | < 4.0.4 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5ExploitThird Party Advisory
- https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-respoExploitThird Party Advisory
- https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5ExploitThird Party Advisory
- https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-respoExploitThird Party Advisory
FAQ
What is CVE-2021-24162?
CVE-2021-24162 is a vulnerability with a CVSS score of 8.8 (HIGH). In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to inc...
How severe is CVE-2021-24162?
CVE-2021-24162 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24162?
Check the references section above for vendor advisories and patch information. Affected products include: Expresstech Responsive Menu.