Vulnerability Discovered in Responsive Menu <= 4.0.0 – 4.0.3
https://www.wordfence.com
The Responsive Menu WordPress plugin has 100,000+ active installations and can be used to easily create mobile-friendly menus. Researchers discovered multiple vulnerabilities in versions prior to 4.0.3. The first flaw made it possible for authenticated attackers with low-level permissions to upload arbitrary files and ultimately achieve remote code execution. The remaining two flaws made it possible for attackers to forge requests that would modify the settings of the plugin and again upload arbitrary files that could lead to remote code execution. All three vulnerabilities could lead to a site takeover, which could have consequences including backdoors, spam injections, malicious redirects, and other malicious activities.
The issue has been fixed in version 4.0.4, which is available now from the WordPress Plugin Repo.