logo
DATABASE RESOURCES PRICING ABOUT US

Responsive Menu 4.0.0 - 4.0.3 - Authenticated Arbitrary File Upload

Description

"A subscriber could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/themes/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site."


Related