Expresstech Responsive Menu

5 matches found

CVE
added 2022/03/18 6:0 p.m., 93 views

CVE-2022-25602

CVE-2022-25602 affects the WordPress Responsive Menu plugin (versions ≤ 4.1.7). A nonce token leak enables arbitrary file upload, theme deletion, and plugin settings changes. Multiple connected sources (Patchstack, WPVulndb, NVD/NVD-derived entries) corroborate the impact and prioritization as a ...

CVSS 8.8 | AI score 8.6 | EPSS 0.01262
CVE
added 2021/04/05 6:27 p.m., 65 views

CVE-2021-24160

CVE-2021-24160 affects the WordPress plugin “Responsive Menu” (free and Pro) up to version 4.0.3. The issue is an authenticated arbitrary file upload: a subscriber can upload a ZIP containing PHP files that are extracted to the /rmp-menu/ directory (and possibly /rmp-menu/themes/ in some contexts)...

CVSS 8.8 | AI score 9.2 | EPSS 0.0842
Web
CVE
added 2019/08/14 3:31 p.m., 59 views

CVE-2017-18513

Affected software: WordPress, plugin “responsive-menu” prior to 3.1.4. Root cause: missing CSRF protection in the admin interface. Vulnerability description: CVE-2017-18513 documents a CSRF risk for admin actions in the responsive-menu plugin. Multiple connected sources (Red Hat, CNVD, NVD, PRION...

CVSS 8.8 | AI score 8.8 | EPSS 0.00649
CVE
added 2021/04/05 6:27 p.m., 53 views

CVE-2021-24161

The CVE concerns the WordPress plugin Responsive Menu (free and Pro) prior to 4.0.4. A CSRF-style flaw lets an attacker craft a request that tricks an administrator into uploading a ZIP archive containing malicious PHP files; the attacker can access these files and achieve remote code execution, e...

CVSS 8.8 | AI score 9 | EPSS 0.01249
Web
CVE
added 2021/04/05 6:27 p.m., 49 views

CVE-2021-24162

CVE-2021-24162 describes a CSRF to settings update in the Responsive Menu WordPress plugin (free and Pro) prior to version 4.0.4. An attacker could craft a request to trick an administrator into importing new settings, which could be modified to include malicious JavaScript and enable site infecti...

CVSS 8.8 | AI score 8.6 | EPSS 0.00796
Web