CVE-2021-24162
Last modified
CVE-2021-24162 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site.. EPSS estimates a 0.80% chance of exploitation in the next 30 days.
Description
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Expresstech | Responsive Menu | < 4.0.4 |
References
- https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5Exploit, Third Party Advisory
- https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5Exploit, Third Party Advisory
- https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-24162?
How severe is CVE-2021-24162?
How do I fix CVE-2021-24162?
Are you affected by CVE-2021-24162?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST