CVE-2021-24161

🗓️ 05 Apr 2021 18:27:43Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

In Reponsive Menu WordPress plugins before 4.0.4, attackers can achieve remote code execution via crafted zip archive

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress 插件 Reponsive Menu (free and Pro) 跨站请求伪造漏洞	5 Apr 202100:00	–	cnnvd
Cvelist	CVE-2021-24161 Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload	5 Apr 202118:27	–	cvelist
EUVD	EUVD-2021-11075	7 Oct 202500:30	–	euvd
NVD	CVE-2021-24161	5 Apr 202119:15	–	nvd
OSV	CVE-2021-24161	5 Apr 202119:15	–	osv
Prion	Remote code execution	5 Apr 202119:15	–	prion
RedhatCVE	CVE-2021-24161	22 May 202521:04	–	redhatcve
wpexploit	Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload	10 Feb 202100:00	–	wpexploit
WPVulnDB	Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload	10 Feb 202100:00	–	wpvulndb

NVD

Vulners

Node

expresstech responsive_menuRange<4.0.4freewordpress

expresstech responsive_menuRange<4.0.4prowordpress

[
  {
    "product": "Responsive Menu – Create Mobile-Friendly Menu",
    "vendor": "ExpressTech",
    "versions": [
      {
        "lessThan": "4.0.4",
        "status": "affected",
        "version": "4.0.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Responsive Menu Pro",
    "vendor": "ExpressTech",
    "versions": [
      {
        "lessThan": "4.0.4",
        "status": "affected",
        "version": "4.0.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933
wordfence	www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/

Parameter	Position	Path	Description	CWE
responsive-menu-import-theme-file	request body	/admin.php?page=responsive-menu	Zip upload by administrator to the plugin upload endpoint can contain PHP webshell leading to remote code execution.	CWE-352

21 Nov 2024 05:52Current

9High risk

Vulners AI Score9

CVSS 26.8

CVSS 3.18.8

EPSS0.00747

CWE-352