Vulnerabilities and security researches forquadmenu quadmenu
Direction: ascendingJun 07, 2024
WordPress Mega Menu – QuadMenu # fb06d5d6f0e1d283dcf005ac94f52eaa0d2b6fdb
- CVE, Research URL
- Application
- Date
- Feb 22, 2021
- Research Description
- WordPress Mega Menu – QuadMenu [quadmenu] < 2.0.7 WordPress QuadMenu plugin <= 2.0.6 - Remote Code Execution (RCE) vulnerability Remote Code Execution (RCE) vulnerability found by Mikel Gorraiz in WordPress QuadMenu plugin (versions <= 2.0.6).
- Affected versions
-
max 2.0.7.
- Status
-
vulnerable
Oct 18, 2024
WordPress Mega Menu – QuadMenu # CVE-2021-4443
- CVE, Research URL
- Application
- Date
- Oct 16, 2024
- Research Description
- The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code.
- Affected versions
-
max 2.0.7.
- Status
-
vulnerable
Apr 14, 2025
WordPress Mega Menu – QuadMenu # CVE-2025-2871
- CVE, Research URL
- Application
- Date
- Apr 12, 2025
- Research Description
- The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
max 3.2.1.
- Status
-
vulnerable