2 vulnerabilities found for QuadMenu – Mega Menu by quadlayers
CVE-2025-2871 (GCVE-0-2025-2871)
Vulnerability from cvelistv5
Published
2025-04-12 03:21
Modified
2026-04-08 16:38
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to set any user meta key to a value of one, including wp_capabilities, which could strip an administrator of their capabilities (a privilege de-escalation, not an escalation), via a forged request — provided they can trick a site administrator into performing an action such as clicking on a link. Because the attacker controls only the meta key and not the written value, the impact is limited to integrity (CVSS 3.1 I:L, 4.3 Medium); the referenced changeset indicates the fix shipped in 3.2.1.
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| quadlayers | QuadMenu – Mega Menu | 0 ≤ 3.2.0 (fix referenced in the 3.2.1 changeset) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:27:26.139304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T16:29:58.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QuadMenu \u2013 Mega Menu",
"vendor": "quadlayers",
"versions": [
{
"lessThanOrEqual": "3.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Mega Menu \u2013 QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:38:17.495Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba7b675-54d6-4f0e-b60f-1c7fa6ff24ea?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/quadmenu/tags/3.2.0/lib/class-admin.php#L105"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3270825/quadmenu/tags/3.2.1/lib/class-admin.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-11T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WordPress Mega Menu \u2013 QuadMenu \u003c= 3.2.0 - Cross-Site Request Forgery to Limited User Meta Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-2871",
"datePublished": "2025-04-12T03:21:34.380Z",
"dateReserved": "2025-03-27T13:52:24.613Z",
"dateUpdated": "2026-04-08T16:38:17.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-4443 (GCVE-0-2021-4443)
Vulnerability from cvelistv5
Published
2024-10-16 06:43
Modified
2026-04-08 16:33
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers (no login or user interaction required: CVSS 3.1 AV:N/PR:N/UI:N, 9.8 Critical) to create arbitrary PHP files that can then be requested to execute attacker-supplied code on the server. Note that this issue was publicly disclosed in February 2021 but only received a CVE identifier in October 2024, so older advisories and scanner signatures may describe it without this CVE ID.
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| quadlayers | QuadMenu – Mega Menu | 0 ≤ 2.0.6 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:quadlayers:wordpress_mega_menu-quadmenu:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wordpress_mega_menu-quadmenu",
"vendor": "quadlayers",
"versions": [
{
"lessThanOrEqual": "2.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T18:20:57.641308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T18:22:21.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QuadMenu \u2013 Mega Menu",
"vendor": "quadlayers",
"versions": [
{
"lessThanOrEqual": "2.0.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MikelGorraiz"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:03.764Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04003542-fd62-4587-9834-70e7fe8f08ef?source=cve"
},
{
"url": "https://sh3llcon.org/la-debilidad-de-wordpress/"
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wordpress-mega-menu-quadmenu-remote-code-execution-2-0-6/"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-02-22T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WordPress Mega Menu \u003c= 2.0.6 - Arbitrary File Creation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2021-4443",
"datePublished": "2024-10-16T06:43:23.798Z",
"dateReserved": "2024-10-15T18:21:15.617Z",
"dateUpdated": "2026-04-08T16:33:03.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}