EUVD-2026-11786

The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...

CVE-2026-2079

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...

EUVD-2026-5734

A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executi...

PT-2026-6897

Name of the Vulnerable Software and Affected Versions yeqifu warehouse affected versions not specified Description A flaw exists that can lead to improper authorization. The issue affects the addMenu, updateMenu, and deleteMenu functions within the MenuController.java file located in the...

CVE-2025-15403

CVE-2025-15403 affects the RegistrationMagic WordPress plugin (versions

EUVD-2023-30743

Malicious code in bioql PyPI...

CVE-2025-5628

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site...

CVE-2025-5628

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site...

SourceCodester Food Menu Manager 安全漏洞

SourceCodester Food Menu Manager is a SourceCodester open source food menu manager. A security vulnerability exists in SourceCodester Food Menu Manager version 1.0, which stems from improper manipulation of the parameters name and description by the component Add Menu Handler, which could lead to...

CVE-2023-26952

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Add Menu module...

PT-2024-20434 · Unknown · Flusity-Cms

Name of the Vulnerable Software and Affected Versions: flusity-CMS version 2.33 Description: A Cross Site Request Forgery CSRF issue allows remote attackers to execute arbitrary code via the add menu.php component. This enables attackers to perform unauthorized actions on behalf of a legitimate...

PT-2023-10177 · Bestwebsoft · Bestwebsoft Portfolio Plugin

Name of the Vulnerable Software and Affected Versions: BestWebSoft Portfolio Plugin versions up to 2.27 Description: A vulnerability was found in the BestWebSoft Portfolio Plugin, affecting the function bws add menu render of the file bws menu/bws menu.php. The manipulation of the argument bwsmn...

PT-2023-10163 · Bestwebsoft · Bestwebsoft Contact Form Plugin

Name of the Vulnerable Software and Affected Versions: BestWebSoft Contact Form Plugin version 1.3.4 Description: A vulnerability was found in the BestWebSoft Contact Form Plugin and classified as problematic. The issue affects the function bws add menu render of the file bws menu/bws menu.php. T...

CVE-2023-26952

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Add Menu module...

CVE-2023-26952

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Add Menu module...

CVE-2023-26952

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Add Menu module...

OneKeyAdmin 跨站脚本漏洞

OneKeyAdmin is About plug-in management system based on Thinkphp6+Element, website, applets, malls, CMS, APP, ERP, API interface a system to get it all done, no scaffolding out of the box! A security vulnerability exists in OneKeyAdmin v1.3.9, which stems from a stored cross-site scripting XSS...

CVE-2023-26952

CVE-2023-26952 affects OneKeyAdmin v1.3.9, with a stored cross-site scripting (XSS) vulnerability exposed through the Add Menu module. Multiple connected sources corroborate a stored XSS issue in OneKeyAdmin v1.3.9 but do not provide concrete details on root cause beyond the Add Menu vector, impa...

CVE-2023-26952

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Add Menu module...

CVE-2021-45017

Cross Site Request Forgery CSRF vulnerability exits in Catfish =6.1. when you upload an html file containing CSRF on the website that uses a google editor; you can specify the menu url address as your malicious url address in the Add Menu column...