Expresstech Responsive Menu — known CVE vulnerabilities
Every CVE whose affected-product data names Expresstech Responsive Menu, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2017-18513 — CVSS 8.8 (high): The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
CVE-2021-24160 — CVSS 8.8 (high): In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files…
CVE-2021-24161 — CVSS 8.8 (high): In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into…
CVE-2021-24162 — CVSS 8.8 (high): In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into…
CVE-2022-25602 — CVSS 8.3 (high): Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu…