CVE-2025-9880
Description
The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF in Side Slide Responsive Menu plugin for WordPress allows unauthenticated attackers to update settings and inject scripts via forged requests.
The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. The vulnerability stems from missing or incorrect nonce validation on a function that handles settings updates, allowing attackers to bypass standard WordPress request verification [1].
To exploit this, an unauthenticated attacker must trick a site administrator into clicking a crafted link or performing an action while authenticated. No additional authentication is required for the attacker, as the CSRF attack leverages the administrator's existing session [1].
Successful exploitation enables the attacker to modify plugin settings and inject malicious web scripts. This could lead to stored cross-site scripting (XSS) if the injected scripts are saved and later executed in the context of other users' sessions, potentially compromising the site [1].
The plugin has been closed as of September 10, 2025, and is no longer available for download due to this security issue. Users are advised to remove the plugin from their WordPress installations and seek alternative solutions [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (4)
- plugins.trac.wordpress.org/browser/side-slide-responsive-menu/tags/1.0/SideSlideMenu.class.php (nvd)
- plugins.trac.wordpress.org/browser/side-slide-responsive-menu/tags/1.0/sideslide_admin.php (nvd)
- wordpress.org/plugins/side-slide-responsive-menu/ (nvd)
- www.wordfence.com/threat-intel/vulnerabilities/id/57ff8e0b-92cd-49e1-9db7-91c970282e21 (nvd)