Wordfence Threat Intelligence team responsibly disclosed three vulnerabilities in Responsive Menu, a WordPress plugin installed on over 100,000 sites. The first flaw made it possible for authenticated attackers with low-level permissions to upload arbitrary files and ultimately achieve remote code execution. The remaining two flaws made it possible for attackers to forge requests that would modify the settings of the plugin and again upload arbitrary files that could lead to remote code execution. All three vulnerabilities could lead to a site takeover, which could have consequences including backdoors, spam injections, malicious redirects, and other malicious activities.
Responsive Menu is a plugin designed to create highly responsive and customizable menus for WordPress sites. It contains several features that allow users to easily create a beautiful menu interface with different colors and designs. As part of the plugin’s functionality, site owners have the option to import themes from zip files that can either by custom creations or downloaded from the Responsive Menu site. In order to provide this functionality, the plugin registered an admin_post action, admin_post_rmp_upload_theme_file, tied to the function rmp_upload_theme.
