hnthuan1998

2 exploits Active since Apr 2021
CVE-2021-24160 NOMISEC HIGH
Responsive Menu < 4.0.4 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Zip Archive Extraction
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.
CVSS 8.8
CVE-2021-24160 NOMISEC HIGH WORKING POC
Responsive Menu < 4.0.4 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Zip Archive Extraction
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.
CVSS 8.8