CVE-2021-24162

HIGH

Responsive Menu < 4.0.4 - Cross-Site Request Forgery via Settings Import


Description

In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, allowing an attacker to inject payloads that could aid in further infection of the site.

References (2)

Core References
Exploit, Third Party Advisory x_refsource_confirm
https://wpscan.com/vulnerability/923fc3a3-4bcc-4b48-870a-6150e14509b5

Scores

CVSS v3 8.8
EPSS 0.0080
EPSS Percentile 52.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-352
Status published
Products (1)
expresstech/responsive_menu < 4.0.4 (2 CPE variants)
Published Apr 05, 2021
Tracked Since Feb 18, 2026