Lucene search

K

Menu Shortcode Security Vulnerabilities

cve
cve

CVE-2024-1399

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-15 06:15 AM
11
cve
cve

CVE-2024-5427

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-31 07:15 AM
27
cve
cve

CVE-2024-3726

The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-30 03:15 AM
28
cve
cve

CVE-2023-5565

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS

5.2AI Score

0.0004EPSS

2023-10-30 02:15 PM
12
cve
cve

CVE-2023-5085

The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with....

6.4CVSS

5.2AI Score

0.0004EPSS

2023-10-25 06:17 PM
11
cve
cve

CVE-2023-4890

The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.3AI Score

0.001EPSS

2023-09-12 02:15 AM
23
cve
cve

CVE-2023-0395

The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-03-27 04:15 PM
23
cve
cve

CVE-2022-4622

The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-21 09:15 AM
21
cve
cve

CVE-2022-4657

The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-06 08:15 PM
33
cve
cve

CVE-2022-4625

The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-23 03:15 PM
21