The plugin is missing authorisation on multiple of its AJAX actions (such as save_menu_global_settings), and relying on CSRF nonces which are disclosed to any authenticated users. As a result, it could allow them to call the affected actions and lead to arbitrary file upload, theme deletion as well as plugin settings update issues
CPE | Name | Operator | Version |
---|---|---|---|
responsive-menu | lt | 4.1.8 |