One of the things that makes WordPress so attractive is that it is insanely easy to customize. Thousands of plugins offered by a wide range of third-party vendors and developers can change the software or extend its capabilities, making it possible to do just about anything.
One of the more popular WordPress plugins is “Responsive Menu.” As the name suggests, its purpose is to let administrators create W3C-compliant, mobile-ready site menus. Depending on the type of device a visitor is browsing from, the menu needs to be laid out differently so that it displays efficiently and responds properly to the user’s clicks or taps. The Responsive Menu plugin helps make that happen.
Unfortunately, popular, genuinely useful plugins are frequent targets for attackers, and every plugin is third-party code running with the same privileges as the site itself. In this case, security researchers on the Wordfence Threat Intelligence team found a trio of vulnerabilities in the plugin, along with some evidence that attackers know about them and are using them in the wild to take control of sites running Responsive Menu.
Critical Flaws
All three flaws are rated critical, and each of them ultimately lets an attacker gain complete control over a site running the plugin.
The good news is that the plugin’s developer responded quickly and released a patched version that addresses all three issues. Unfortunately, a patch only helps the sites that install it, and WordPress does not apply plugin updates automatically unless the site owner has turned that on. Based on current estimates, more than 50,000 websites are still running an older, vulnerable version of the plugin.
The version number to look for is 4.0.4. If you are running anything earlier, upgrade as soon as possible; the installed version is shown on the Plugins screen of the WordPress admin dashboard. If you cannot update right away, deactivate the plugin, or better, delete it until you can, since a vulnerable plugin left in place is still reachable code on the server.
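For sites that are managed from the command line rather than the dashboard, the check above can be scripted. The following is an added example, not code from the article or from the Responsive Menu project. It assumes only that the plugin’s main PHP file follows the standard WordPress plugin-header convention (a `Version:` line in the leading comment block); the install path shown at the end is the usual location and is an assumption, and the sample headers the script builds are constructed so that it runs offline. Note that version strings are compared numerically with `sort -V`, since a plain string comparison would wrongly treat 4.0.10 as older than 4.0.9.

```shell
#!/bin/sh
# Added example (not from the article or the plugin): report whether an installed
# copy of the Responsive Menu plugin is older than the fixed release, 4.0.4.
# Assumes the plugin's main file carries a standard WordPress "Version:" header.

FIXED_VERSION="4.0.4"

# Extract the value of the "Version:" header from a plugin's main PHP file.
# Prints nothing when no such header is present.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# True (exit 0) when $1 sorts strictly before $2 in dotted-number order.
# sort -V orders 4.0.9 before 4.0.10, which a string comparison would get wrong.
version_lt() {
    [ "$1" = "$2" ] && return 1
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Classify a plugin file as "vulnerable", "patched" or "unknown" (no header found).
plugin_status() {
    ver="$(plugin_version "$1")"
    if [ -z "$ver" ]; then
        echo unknown
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Human-readable verdict for one plugin file; always exits 0 so it is safe under set -e.
check_plugin() {
    status="$(plugin_status "$1")"
    ver="$(plugin_version "$1")"
    case "$status" in
        vulnerable) echo "VULNERABLE: $1 is version $ver (< $FIXED_VERSION); update or remove now" ;;
        patched)    echo "ok: $1 is version $ver" ;;
        *)          echo "unknown: no Version header found in $1; inspect it manually" ;;
    esac
}

# Write a constructed plugin header to $1 with version $2 (sample data, not a real plugin).
make_sample() {
    cat > "$1" <<EOF
<?php
/**
 * Plugin Name: Responsive Menu
 * Version: $2
 */
EOF
}

# Demonstration on constructed files so the script runs offline.
tmp="$(mktemp -d)"
make_sample "$tmp/old.php" 4.0.3
make_sample "$tmp/new.php" 4.0.4
check_plugin "$tmp/old.php"
check_plugin "$tmp/new.php"
rm -rf "$tmp"

# On a live site, point it at the installed copy instead (path is an assumption):
# check_plugin /var/www/html/wp-content/plugins/responsive-menu/responsive-menu.php
```

If WP-CLI is available on the host, `wp plugin list` reports the installed version of every plugin and gives the same answer without reading the file directly; the script is useful where WP-CLI is not installed or when sweeping many document roots from a single shell.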