Vulnerability Details CVE-2021-24161
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933
- https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/
- https://wpscan.com/vulnerability/efca27e0-bdb6-4497-8330-081f909d6933
- https://www.wordfence.com/blog/2021/02/multiple-vulnerabilities-patched-in-responsive-menu-plugin/
Products affected by CVE-2021-24161
-
cpe:2.3:a:expresstech:responsive_menu:*