PT-2021-15706 · Unknown · Responsive Menu

Chloe Chamberland · Published 2021-04-05 · Updated 2021-04-08 · CVE-2021-24160

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Responsive Menu (free and Pro), versions prior to 4.0.4
Description: The issue allows subscriber-level users to upload zip archives containing malicious PHP files to the /rmp-menu/ directory. These files can then be requested directly through the site's front end, resulting in remote code execution and potentially allowing an attacker to run commands that further compromise the WordPress site.
Recommendations: For versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider restricting subscriber upload capabilities or disabling the ability to upload zip archives until the update is applied.

Tags: RCE, Unrestricted File Upload


Weakness Enumeration

Related Identifiers: CVE-2021-24160

Affected Products: Responsive Menu