ThreatPress

WordPress Vulnerability Database

Back

WordPress QuadMenu plugin <= 2.0.6 - Remote Code Execution (RCE) vulnerability

Product
QuadMenu
Description
Remote Code Execution (RCE) vulnerability found by Mikel Gorraiz in WordPress QuadMenu plugin (versions <= 2.0.6).
Solution
Update the WordPress QuadMenu plugin to the latest available version (at least 2.0.7).
Classification
Type Arbitrary Code Execution
OWASP Top 10 A1: Injection
References
Vulnerability details
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.0.6
Fixed In 2.0.7
Disclosure date
2021-02-22
Credits
Mikel Gorraiz