https://www.pluginvulnerabilities.com/2017/06/12/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-responsive-menu/

Recently we found that the plugin Responsive Menu had a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability.

The CSRF portion of the vulnerability was due to a lack of a nonce on the plugin’s admin page and a lack of a check for a valid one when processing a request to change the plugin’s options.
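An added example, not the Responsive Menu plugin's own code: a minimal WordPress settings page with the two pieces the paragraph above describes as missing, a nonce emitted in the admin form and a check for a valid one before options are changed. The `example_menu_*` names, the page slug and the option are hypothetical.

```php
<?php
/*
 * Plugin Name: Example Nonce-Protected Options (illustration only)
 */
// All example_menu_* identifiers are hypothetical, constructed for this example.

// Register the settings page under Settings.
add_action( 'admin_menu', function () {
    add_options_page( 'Example Menu', 'Example Menu', 'manage_options',
        'example-menu', 'example_menu_render_page' );
} );

// Admin page: the form carries a nonce bound to the 'example_menu_save' action.
function example_menu_render_page() {
    $colour = get_option( 'example_menu_colour', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_menu_save">
        <?php wp_nonce_field( 'example_menu_save', 'example_menu_nonce' ); ?>
        <input type="text" name="example_menu_colour"
               value="<?php echo esc_attr( $colour ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Request handler: nothing is written until the capability and nonce checks pass.
add_action( 'admin_post_example_menu_save', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Dies with an error page if the nonce is missing, expired or forged,
    // so a request forged from another site cannot change the option.
    check_admin_referer( 'example_menu_save', 'example_menu_nonce' );

    $colour = isset( $_POST['example_menu_colour'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_menu_colour'] ) )
        : '';
    update_option( 'example_menu_colour', $colour );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-menu' ) );
    exit;
} );
```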

For the XSS portion, in the
