CVE-2022-25602

HIGH

Expresstech Responsive Menu < 4.1.7 - Information Disclosure

Title source: rule

Description

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7).

References (2)

Core 2

Core References

Product, Release Notes x_refsource_confirm

https://wordpress.org/plugins/responsive-menu/#developers

Third Party Advisory x_refsource_confirm

https://patchstack.com/database/vulnerability/responsive-menu/wordpress-responsive-menu-plugin-4-1-7-nonce-token-leak-leading-to-arbitrary-file-upload-theme-deletion-plugin-settings-change-vulnerability

Scores

CVSS v3 8.3

EPSS 0.0082

EPSS Percentile 74.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434 CWE-200

Status published

Products (2)

ExpressTech/Responsive Menu (WordPress plugin) <= 4.1.7 - 4.1.7

expresstech/responsive_menu < 4.1.7

Published Mar 18, 2022

Tracked Since Feb 18, 2026