CVE-2021-24160

HIGH

Responsive Menu < 4.0.4 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Zip Archive Extraction

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-24160. PoCs published by likeww, hnthuan1998.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2021-24160, targeting the WordPress Responsive Menu plugin (versions 4.0 to 4.3.0). The exploit authenticates to WordPress and uploads a malicious ZIP file containing a PHP shell, achieving remote code execution (RCE).

Description

In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.

Exploits (2)

nomisec WORKING POC
by likeww · poc
https://github.com/likeww/Exploit-CVE-2021-24160

This repository contains a functional exploit for CVE-2021-24160, targeting the WordPress Responsive Menu plugin (versions 4.0 to 4.3.0). The exploit authenticates to WordPress and uploads a malicious ZIP file containing a PHP shell, achieving remote code execution (RCE).

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress Plugin Responsive Menu 4.0 - 4.3.0
Auth required
Prerequisites: WordPress credentials · Responsive Menu plugin installed and vulnerable
devstral-2 · analyzed Jun 15, 2026
nomisec WORKING POC
by hnthuan1998 · poc
https://github.com/hnthuan1998/Exploit-CVE-2021-24160

This repository contains a functional exploit for CVE-2021-24160, targeting an authenticated RCE vulnerability in the WordPress Responsive Menu plugin (versions 4.0 to 4.3.0). The exploit authenticates via WordPress credentials and uploads a malicious ZIP file containing a PHP shell to achieve remote code execution.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress Plugin Responsive Menu 4.0 - 4.3.0
Auth required
Prerequisites: Valid WordPress credentials · Target running vulnerable plugin version
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory (x_refsource_confirm)
https://wpscan.com/vulnerability/066ba5d4-4aaa-4462-b106-500c1f291c37

Scores

CVSS v3 8.8
EPSS 0.0842
EPSS Percentile 94.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
expresstech/responsive_menu < 4.0.4 (2 CPE variants)
Published Apr 05, 2021
Tracked Since Feb 18, 2026