WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Responsive Menu < 4.1.8 - Subscriber+ Arbitrary File Upload / Theme Deletion / Plugin Settings Update

Description

The plugin is missing authorisation on multiple of its AJAX actions (such as save_menu_global_settings), and relying on CSRF nonces which are disclosed to any authenticated users. As a result, it could allow them to call the affected actions and lead to arbitrary file upload, theme deletion  as well as plugin settings update issues

Affects Plugins

responsive-menu
Fixed in version 4.1.8

References

CVE
CVE-2022-25602

Classification

Type

INCORRECT AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-863

Miscellaneous

Original Researcher

Dave Jong

Verified

Yes

WPVDB ID
70da5801-3497-4abd-8aa2-2e1e67fe00d7

Timeline

Publicly Published

2022-03-16 (about 4 months ago)

Added

2022-03-20 (about 4 months ago)

Last Updated

2022-04-11 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin