Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). https://patchstack.com/database/vulnerability/responsive-menu/wordpress-responsive-menu-plugin-4-1-7-nonce-token-leak-leading-to-arbitrary-file-upload-theme-deletion-plugin-settings-change-vulnerability https://wordpress.org/plugins/responsive-menu/#developers
Created wordpress tracking bugs for this issue: Affects: epel-all [bug 2087643] Affects: fedora-all [bug 2087644]