Wordfence Threat Intelligence team responsibly disclosed three vulnerabilities in Responsive Menu, a WordPress plugin installed on over 100,000 sites.

The first flaw made it possible for authenticated attackers with low-level permissions to upload arbitrary files and ultimately achieve remote code execution. The remaining two flaws made it possible for attackers to forge requests that would modify the settings of the plugin and again upload arbitrary files that could lead to remote code execution.

All three vulnerabilities could lead to a site takeover, which could have consequences including backdoors, spam injections, malicious redirects, and other malicious activities.


All three patched flaws are rated as medium- and critical-severity vulnerabilities. Therefore, we highly recommend updating to the patched version, 4.0.4, immediately.

Description: Authenticated Arbitrary File Upload
Affected Plugin: Responsive Menu
Plugin Slug: responsive-menu
Affected Versions: 4.0.0 – 4.0.3
CVE ID: Pending.
CVSS Score: 9.9 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Fully Patched Version: 4.0.4

Responsive Menu is a plugin designed to create highly responsive and customizable menus for WordPress sites. It contains several features that allow users to easily create a beautiful menu interface with different colours and designs.
