Lucene search
China National Vulnerability DatabaseCNVD-2022-66598HistoryMar 02, 2022 - 12:00 a.m.
WordPress WP Responsive Menu plugin cross-site scripting vulnerability
2022-03-0200:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
0.001 Low
EPSS
Percentile
24.8%
WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress WP Responsive Menu plugin prior to 3.1.7.1, which stems from the plugin’s failure to perform CSRF checks in the wpr_live_update AJAX operation, as well as its failure to clean and escape some submitted data. An attacker could exploit this vulnerability to update the plugin’s settings and perform cross-site scripting attacks on all visitors and users on the front-end.
| CPE | Name | Operator | Version |
|---|---|---|---|
| WordPress WP Responsive Menu plugin <3. | eq | 1.7.1 |
Related
prion
prion
Cross site scripting
2022-02-28 09:15:00
wpvulndb
wpvulndb
WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS
2022-01-26 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2021-24971
2022-02-28 09:15:08
cve
cve
CVE-2021-24971
2022-02-28 09:15:08
patchstack
patchstack
wpexploit
wpexploit
WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS
2022-01-26 00:00:00