Description
WordPress Plugin Effectively Add & Customize Free Icons For WordPress Menus-WP Menu Icons Lite [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Effectively Add & Customize Free Icons For WordPress Menus-WP Menu Icons Lite version 1.0.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.9 or latest
References
Related Vulnerabilities
WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.7)
Apache HTTP Server Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-11985)
WordPress Plugin Directories Pro Cross-Site Scripting (1.3.45)
WordPress Plugin WP Photo Album Plus 'wppa-album' Parameter SQL Injection (4.1.1)
Jboss EAP Improper Input Validation Vulnerability (CVE-2020-1757)