Description
WordPress Plugin Mega Menu for WordPress-AP Mega Menu [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Mega Menu for WordPress-AP Mega Menu version 3.0.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.0.6 or latest
References
Related Vulnerabilities
WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress SQL Injection (3.7.39)
Joomla Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-15699)
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0734)
WordPress Plugin WP Accessibility Cross-Site Scripting (1.6.10)