cleantalk
Vulnerabilities and Security Researches

WordPress Mega Menu – QuadMenu, CVE-2021-4443

CVE, Research URL

CVE-2021-4443

Home page URL

Security reports for WordPress Mega Menu – QuadMenu

Application

WordPress Mega Menu – QuadMenu

Published on
Oct 16, 2024
Research Description
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code.
Affected versions
Min -, max 2.0.7.
Status
vulnerable
Previous vulnerability researches
WordPress Mega Menu – QuadMenu (CVE-2025-2871) , Apr 14, 2025
WordPress Mega Menu – QuadMenu (CVE-2021-4443) , Oct 18, 2024
WordPress Mega Menu – QuadMenu (fb06d5d6f0e1d283dcf005ac94f52eaa0d2b6fdb) , Jun 07, 2024
New vulnerability
Course Booking System (CVE-2025-32508) , Apr 19, 2025
Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Wo (CVE-2025-39588) , Apr 19, 2025
VR-Frases (collect & share quotes) (CVE-2025-0861) , Apr 19, 2025
VR-Frases (collect & share quotes) (CVE-2025-22636) , Apr 19, 2025
VR-Frases (collect & share quotes) (CVE-2024-13626) , Apr 19, 2025