VYPR

WP Responsive Menu

by WordPress

CVEs (4)

  • CVE-2021-24160HigApr 5, 2021
    risk 0.58cvss 8.8epss 0.08

    In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code…

  • CVE-2021-24162HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.01

    In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads…

  • CVE-2021-24161HigApr 5, 2021
    risk 0.57cvss 8.8epss 0.01

    In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further…

  • CVE-2021-24971MedFeb 28, 2022
    risk 0.35cvss 5.4epss 0.01

    The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's…