CVE-2021-24162
Summary
| CVE | CVE-2021-24162 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-05 19:15:00 UTC |
| Updated | 2021-04-08 19:10:00 UTC |
| Description | In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Expresstech | Responsive Menu | All | All | All | All |
| Application | Expresstech | Responsive Menu | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Vulnerabilities Patched in Responsive Menu Plugin | MISC | www.wordfence.com | |
| Attention Required! | Cloudflare | CONFIRM | wpscan.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Chloe Chamberland
There are currently no legacy QID mappings associated with this CVE.