In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-04-05T18:27:43
Updated: 2024-08-03T19:21:18.635Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24162
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-05T19:15:15.233
Modified: 2024-11-21T05:52:29.907
Link: CVE-2021-24162
Redhat
No data.