7 matches found
CVE-2025-2871 WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update
The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajaxdismissnotice function. This makes it possible for unauthenticated attackers to update a...
CVE-2025-2871 WordPress Mega Menu – QuadMenu <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update
The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajaxdismissnotice function. This makes it possible for unauthenticated attackers to update a...
WordPress plugin QuadMenu cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reques...
WordPress QuadMenu plugin <= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update vulnerability
Cross-Site Request Forgery to Limited User Meta Update vulnerability discovered by Peter Thaleikis in WordPress Plugin QuadMenu versions <= 3.2.0...
QuadMenu < 2.0.7 - Unauthenticated RCE via compiler_save
The compiler_save AJAX action, available to both authenticated and unauthenticated users, did not check the extension of the imported file, and had the nonce used for the CSRF check displayed on the homepage. This could allow unauthenticated users to create an arbitrary PHP file on the blog, leading to...
QuadMenu < 2.0.7 - Unauthenticated RCE via compiler_save
The compiler_save AJAX action, available to both authenticated and unauthenticated users, did not check the extension of the imported file, and had the nonce used for the CSRF check displayed on the homepage. This could allow unauthenticated users to create an arbitrary PHP file on the blog, leading to...
WordPress QuadMenu plugin <= 2.0.6 - Remote Code Execution (RCE) vulnerability
Remote Code Execution (RCE) vulnerability found by Mikel Gorraiz in WordPress QuadMenu plugin versions <= 2.0.6. Solution: Update the WordPress QuadMenu plugin to the latest available version (at least 2.0.7)...