CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-25113

The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.9%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://wpscan.com/vulnerability/7a5078db-e0d4-4076-9de9-5401c3ca0d65
https://wpscan.com/vulnerability/7a5078db-e0d4-4076-9de9-5401c3ca0d65

Products affected by CVE-2021-25113

Dropdown Menu Widget Project » Dropdown Menu Widget » Version: N/A

cpe:2.3:a:dropdown_menu_widget_project:dropdown_menu_widget:-
Dropdown Menu Widget Project » Dropdown Menu Widget » Version: 1.9.7

cpe:2.3:a:dropdown_menu_widget_project:dropdown_menu_widget:1.9.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-25113

Products

Pricing

Contact Us