Medium severity5.4NVD Advisory· Published Apr 4, 2022· Updated Jun 17, 2026
CVE-2021-25113
CVE-2021-25113
Description
The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Dropdown Menu Widget WordPress plugindescription
- Range: <=1.9.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/7a5078db-e0d4-4076-9de9-5401c3ca0d65nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.