Side Menu Security Vulnerabilities

CVE-2024-3476

The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF...

CVE-2023-27418

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0...

CVE-2023-2362

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects...

CVE-2022-0313

The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF...

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....

CVE-2021-24580

The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection...

CVE-2021-24521

The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection...

CVE-2021-24348

The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection...