The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin’s settings and perform Cross-Site Scripting attacks against all visitors and users on the frontend.
[
{
"product": "WP Responsive Menu",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.7.1",
"status": "affected",
"version": "3.1.7.1",
"versionType": "custom"
}
]
}
]