In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, allowing an attacker to inject payloads that could aid in further infection of the site.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5 | Exploit Third Party Advisory |
https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-04-05T18:27:43
Updated: 2021-04-05T18:27:43
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24162
NVD Information
Status: Analyzed
Published: 2021-04-05T19:15:15.233
Modified: 2021-04-08T19:10:16.720
Link: CVE-2021-24162
Redhat Information
No data.
CWE