Responsive Menu < 4.1.8 – Subscriber+ Arbitrary File Upload / Theme Deletion / Plugin Settings Update | CVE 2022-25602 | Plugin Vulnerabilities

Description

The plugin is missing authorisation on multiple of its AJAX actions (such as save_menu_global_settings), and relying on CSRF nonces which are disclosed to any authenticated users. As a result, it could allow them to call the affected actions and lead to arbitrary file upload, theme deletion as well as plugin settings update issues

Affects Plugins

responsive-menu

Fixed in 4.1.8

References

CVE

Classification

Type

INCORRECT AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Dave Jong

Verified

Yes

WPVDB ID

70da5801-3497-4abd-8aa2-2e1e67fe00d7

Timeline

Publicly Published

2022-03-16 (about 4 years ago)

Added

2022-03-20 (about 4 years ago)

Last Updated

2022-04-11 (about 4 years ago)

Other

Published

Title

Published

2023-11-28

Title

WCMultiShipping < 2.3.8 - Subscriber+ Arbitrary Account Credentials Test

Published

2024-06-20

Title

WishList Member X < 3.26.7 - Subscriber+ Privilege Escalation

Published

2026-01-30

Title

Ajax Load More – Infinite Scroll, Lazy Load & Load More < 7.8.2 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure

Published

2024-01-29

Title

Avada < 7.11.2 - Contributor+ Arbitrary File Upload

Published

2026-01-06

Title

Rankology SEO and Analytics Tool <= 2.0 - Editor+ Header & Footer Code Creation