Vulnerabilities > CVE-2021-24971 - Unspecified vulnerability in Magnigenie WP Responsive Menu
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's settings and perform Cross-Site Scripting attacks against all visitor and users on the frontend
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |