vulnerability

WordPress Plugin: responsive-menu: CVE-2021-24161: Cross-Site Request Forgery (CSRF)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Feb 10, 2021	May 15, 2025	Jun 24, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Feb 10, 2021

Added

May 15, 2025

Modified

Jun 24, 2025

Description

In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site.

Solution

responsive-menu-plugin-cve-2021-24161

References

URL-https://www.cve.org/CVERecord?id=CVE-2021-24161
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac47137-eecf-4f85-a29d-88a86b2a9c48?source=api-prod
CVE-2021-24161
https://attackerkb.com/topics/CVE-2021-24161
CWE-352

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today