5 matches found

RedhatCVE
added 2025/05/22 7:24 p.m. | 6 views

CVE-2021-24971

The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform...

CVSS 5.4 | AI score 6.1 | EPSS 0.00208
Exploits: 2 | References: 1
OSV
added 2022/02/28 9:15 a.m. | 1 views

CVE-2021-24971

The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 1
NVD
added 2022/02/28 9:15 a.m. | 10 views

CVE-2021-24971

The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform...

CVSS 5.4 | EPSS 0.00208
Exploits: 2 | References: 1
CVE
added 2022/02/28 9:6 a.m. | 84 views

CVE-2021-24971

CVE-2021-24971 affects the WordPress WP Responsive Menu plugin prior to 3.1.7.1. Root cause: lacking capability and CSRF checks in the wpr_live_update AJAX action and insufficient sanitization/escaping of submitted data, allowing an authenticated user (e.g., subscriber) to modify plugin settings ...

CVSS 5.4 | AI score 5.2 | EPSS 0.00208
Exploits: 2 | References: 1 | Affected Software: 1
Patchstack
added 2022/01/26 12:0 a.m. | 23 views

WordPress WP Responsive Menu plugin <= 3.1.7 - Subscriber+ Settings Update to Stored Cross-Site (XSS)

Subscriber+ Settings Update to Stored Cross-Site XSS discovered by Krzysztof Zając in WordPress WP Responsive Menu plugin versions <= 3.1.7. Solution: Update the WordPress WP Responsive Menu plugin to the latest available version (at least 3.1.7.1)...

CVSS 5.4 | AI score 2.3 | EPSS 0.00208
Exploits: 2 | References: 3 | Affected Software: 1