Quadlayers Quadmenu Mega Menu vulnerabilities
2 known vulnerabilities affecting quadlayers/quadmenu_mega_menu.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-4443P1CRITICALCVSS 9.8Exploited≤ 2.0.62024-10-16
CVE-2021-4443 [CRITICAL] CWE-434 CVE-2021-4443: The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code.
nvd
CVE-2025-2871P4MEDIUMCVSS 4.3≤ 3.2.02025-04-12
CVE-2025-2871 [MEDIUM] CWE-352 CVE-2025-2871: The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery
The WordPress Mega Menu – QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabili
nvd