CVE-2021-25113
The CVE-2021-25113 entry concerns the WordPress plugin “Dropdown Menu Widget” (versions up to 1.9.7). The vulnerability arises from missing authorization/CSRF checks when saving settings, enabling low-privilege users (e.g., subscribers) to update settings. The issue is compounded by lack of sanit...