Researchers have found three critical vulnerabilities in the Responsive Menu WordPress plugin which exposed over 100,000 sites to takeover attacks. The first flaw made it possible for authenticated attackers with low-level permissions to upload arbitrary files and ultimately achieve remote code execution. The remaining two flaws made it possible for attackers to forge requests that would modify the settings of the plugin and again upload arbitrary files that could lead to remote code execution.
Bug In WordPress Responsive Menu Plugin
Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics