CVE-2021-24160
CVE-2021-24160 is a high-severity vulnerability with a CVSS v3.1 base score of 8.8. In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, a user holding only the subscriber role could upload a zip archive containing malicious PHP files, which were extracted into the /rmp-menu/ directory. Because that directory is served from the front end of the site, the attacker could then request the dropped files to obtain remote code execution and run arbitrary commands to further compromise the site. EPSS estimates an 8.42% probability of exploitation in the next 30 days.
Description
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.
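The bug described above is a textbook unrestricted-upload chain: an archive is extracted into a web-served directory without inspecting what is inside it. As an added example (not code from the Responsive Menu plugin or from the advisories referenced on this page), the following Python shows the two checks a practitioner wants around this class of bug: validating an uploaded archive before extracting it (rejecting executable extensions including double-extension tricks, server configuration files such as .htaccess, path traversal, absolute paths and symlinks), and triaging an existing extraction directory for files that should never be there. The archive contents, file names and the webshell-marker pattern are constructed for illustration; the same entry checks would be implemented in PHP inside a plugin before extraction.

```python
"""Checks around a "zip upload extracted into a web-served directory" bug.

Added example for CVE-2021-24160; this is not code from the Responsive Menu
plugin or from the referenced advisories. Archive contents, paths and the
webshell-marker pattern below are constructed for illustration.
"""
import io
import os
import re
import stat
import zipfile
from pathlib import PurePosixPath
from typing import Dict, Iterable, List, Optional, Tuple

# Extensions a typical PHP web server may execute. Aliases such as .phtml or
# .phar are often missing from denylists, so the allowlist below is the real
# control; this set only drives the reported reason.
EXECUTABLE_EXT = {".php", ".php3", ".php4", ".php5", ".php7", ".php8",
                  ".phtml", ".phar", ".phps", ".pht", ".inc"}
# Files that can re-map any extension to PHP or change server behaviour.
SERVER_CONFIG = {".htaccess", ".user.ini", "web.config"}
# What a menu theme legitimately needs: static assets only (assumed set).
ALLOWED_EXT = {".css", ".js", ".json", ".png", ".jpg", ".jpeg", ".gif",
               ".svg", ".woff", ".woff2"}
# Assumed webshell indicators for triage. Real shells obfuscate, so a miss
# means "unknown", not "clean".
WEBSHELL_MARKERS = re.compile(
    rb"\b(eval|assert|system|passthru|shell_exec|exec|popen|base64_decode)\s*\(", re.I)


def check_entry(name: str) -> Optional[str]:
    """Return why an archive entry name must be rejected, or None if acceptable."""
    normalized = name.replace("\\", "/")
    if normalized.startswith("/") or re.match(r"^[A-Za-z]:", normalized):
        return "absolute path"
    parts = PurePosixPath(normalized).parts
    if ".." in parts:
        return "path traversal"
    if normalized.endswith("/"):
        return None  # directory entry, nothing to execute
    base = parts[-1]
    if base.lower() in SERVER_CONFIG:
        return "server config file"
    # Look at every suffix so shell.php.png (double extension) is caught too.
    suffixes = [s.lower() for s in PurePosixPath(base).suffixes]
    if any(s in EXECUTABLE_EXT for s in suffixes):
        return "executable extension"
    if not suffixes or suffixes[-1] not in ALLOWED_EXT:
        return "extension not in allowlist"
    return None


def validate_archive(data: bytes) -> Dict[str, str]:
    """Map every rejected entry to its reason; an empty dict means safe to extract."""
    rejected: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # A symlink entry could point the extraction outside the target dir.
            if stat.S_ISLNK(info.external_attr >> 16):
                rejected[info.filename] = "symlink"
                continue
            reason = check_entry(info.filename)
            if reason:
                rejected[info.filename] = reason
    return rejected


def safe_extract(data: bytes, dest: str) -> List[str]:
    """Refuse the whole archive if any entry is bad; otherwise extract and list files."""
    rejected = validate_archive(data)
    if rejected:
        raise ValueError(f"archive rejected: {rejected}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)
        return [i.filename for i in zf.infolist() if not i.is_dir()]


def classify_files(files: Iterable[Tuple[str, bytes]]) -> List[Tuple[str, str, bool]]:
    """Triage (relative_path, content) pairs from an upload directory.

    Returns (path, reason, looks_like_webshell) for each file that should not
    be there, e.g. PHP dropped into /rmp-menu/ by an exploit of this CVE."""
    findings = []
    for path, content in files:
        reason = check_entry(path)
        if reason is not None:
            findings.append((path, reason, bool(WEBSHELL_MARKERS.search(content))))
    return findings


def scan_directory(root: str) -> List[Tuple[str, str, bool]]:
    """Walk an extracted directory on disk and triage every file in it."""
    def walk():
        for dirpath, _, filenames in os.walk(root):
            for fn in filenames:
                full = os.path.join(dirpath, fn)
                with open(full, "rb") as fh:
                    yield os.path.relpath(full, root).replace(os.sep, "/"), fh.read()
    return classify_files(walk())


def build_zip(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a legitimate theme and one carrying an attacker's files.
BENIGN_THEME = {"theme/style.css": b"body{margin:0}", "theme/menu.js": b"/* menu */"}
MALICIOUS_THEME = {
    "theme/style.css": b"body{margin:0}",
    "theme/shell.php": b"<?php system($_GET['cmd']); ?>",
    "theme/.htaccess": b"AddType application/x-httpd-php .css",
    "../outside.css": b"",
}

if __name__ == "__main__":
    print("benign   :", validate_archive(build_zip(BENIGN_THEME)))
    print("malicious:", validate_archive(build_zip(MALICIOUS_THEME)))
    print("triage   :", classify_files(MALICIOUS_THEME.items()))
```

Validation and extraction operate on the same in-memory bytes, so there is no window in which the file could be swapped between the check and the write. Rejecting the whole archive on any bad entry is deliberate: extracting "only the good files" is how a stray .htaccess or a PHP file with a double extension ends up in a web-served directory. For incident response on an already-compromised site, scan_directory() applied to the /rmp-menu/ directory lists every file that could not have come from a legitimate theme upload.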
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Expresstech | Responsive Menu | < 4.0.4 |
References
- https://wpscan.com/vulnerability/066ba5d4-4aaa-4462-b106-500c1f291c37 (Exploit, Third Party Advisory)
- https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/ (Exploit, Third Party Advisory)
Frequently Asked Questions
What is CVE-2021-24160?
An unrestricted file upload in the Responsive Menu (free and Pro) WordPress plugins before 4.0.4. A user with only the subscriber role could upload a zip archive whose PHP files were extracted into the /rmp-menu/ directory and then requested from the front end of the site, giving remote code execution.
How severe is CVE-2021-24160?
High: CVSS v3.1 base score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The attack is reachable over the network, needs only a low-privilege account and no user interaction, and yields full loss of confidentiality, integrity and availability. EPSS puts the probability of exploitation in the next 30 days at 8.42%.
How do I fix CVE-2021-24160?
Update Responsive Menu (free or Pro) to 4.0.4 or later. Because a subscriber account is all an attacker needed, also inspect the /rmp-menu/ directory for PHP files that did not come from the plugin and review which untrusted accounts hold the subscriber role or higher.
Are you affected by CVE-2021-24160?
Any site running Responsive Menu (free or Pro) below 4.0.4 is vulnerable. Exposure is highest where user registration is open or untrusted users already hold subscriber-level accounts, since that is the only privilege the exploit requires.
Source: NVD / NIST
