Back to search
CVE-2021-24971
Published: Feb 28, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's settings and perform Cross-Site Scripting attacks against all visitor and users on the frontend
| Vendor | Product | Versions |
|---|---|---|
Unknown | WP Responsive Menu | affected 3.1.7.1 - < 3.1.7.1 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now