China National Vulnerability Database (CNVD): CNVD-2022-66598
Mar 02, 2022 - 12:00 a.m.

WordPress WP Responsive Menu plugin cross-site scripting vulnerability

www.cnvd.org.cn
Tags: wordpress, php, mysql, cross-site scripting, csrf, vulnerability

EPSS: 0.001 (percentile: 24.8%)

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports hosting personal blogging sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress WP Responsive Menu plugin prior to 3.1.7.1. It stems from the plugin’s failure to perform CSRF checks in the wpr_live_update AJAX operation, as well as its failure to sanitize and escape some submitted data. An attacker could exploit this vulnerability to update the plugin’s settings and perform cross-site scripting attacks against all visitors and users on the front end.
