Recently we found that the plugin Responsive Menu had a cross-site request forgery (CSRF)/cross-site site scripting (XSS) vulnerability.

The CSRF portion of the vulnerability was due to a lack of a nonce on the plugin’s admin page and a lack of a check for a valid one when processing a request to change the plugin’s options.

For the XSS portion, in the

Share This

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.