Vulnerabilities > Expresstech > Responsive Menu > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-18 | CVE-2022-25602 | Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Responsive Menu Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). | 6.5 |
| 2021-04-05 | CVE-2021-24162 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. | 6.8 |
| 2021-04-05 | CVE-2021-24161 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. | 6.8 |
| 2021-04-05 | CVE-2021-24160 | Unrestricted Upload of File with Dangerous Type vulnerability in Expresstech Responsive Menu In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. | 6.5 |
| 2019-08-14 | CVE-2017-18513 | Cross-Site Request Forgery (CSRF) vulnerability in Expresstech Responsive Menu The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface. | 6.8 |