Vulnerabilities > Expresstech > Responsive Menu

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2022-25602 Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Responsive Menu
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7).
network
low complexity
expresstech CWE-434
6.5
2021-04-05 CVE-2021-24162 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings.
6.8
2021-04-05 CVE-2021-24161 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files.
6.8
2021-04-05 CVE-2021-24160 Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Responsive Menu
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory.
network
low complexity
expresstech CWE-434
6.5
2019-08-14 CVE-2017-18513 Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
6.8