CVE-2021-24971 in WP Responsive Menu PluginИнформация

Сводка

по MITRE • 28.02.2022

The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's settings and perform Cross-Site Scripting attacks against all visitor and users on the frontend

Be aware that VulDB is the high quality source for vulnerability data.

Резервировать

14.01.2021

Раскрытие

28.02.2022

Модерация

принято

Вход

VDB-193933

EPSS

0.00591

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

Want to know what is going to be exploited?

We predict KEV entries!