What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu (eds-responsive-menu) allows Object Injection. This issue affects eDS Responsive Menu: from n/a through <= 1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
The eDS Responsive Menu plugin versions 1.2 and earlier contain a deserialization vulnerability that allows authenticated administrators to execute arbitrary PHP code on the site. An attacker with admin access can craft malicious serialized data to trigger code execution during the deserialization process. This vulnerability requires high-level privileges but poses a critical risk to site integrity and confidentiality.
What an attacker can do
Run arbitrary PHP code on the site with full administrative privileges.
Potential impact on your site
A compromised admin account can fully compromise your site, steal data, modify content, or install backdoors.
Conditions required to exploit
Attacker must have WordPress administrator account access; no user interaction required.