WordPress Conditional Menus plugin <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update vulnerability

Cross-Site Request Forgery to Menu Options Update vulnerability discovered by Daniel Basta whizzu - NASK PIB in WordPress Plugin Conditional Menus versions = 1.2.6...

CVE-2026-1032

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

EUVD-2026-16171

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

CVE-2026-1032

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

CVE-2026-1032

The CVE-2026-1032 entry concerns the WordPress plugin Conditional Menus . Affected versions: all up to and including 1.2.6. Root cause: missing nonce validation in the save_options function, enabling CSRF. Impact: unauthenticated attackers could modify conditional menu assignments through a forge...

WordPress plugin Conditional Menus 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-28310

Name of the Vulnerable Software and Affected Versions Conditional Menus for WordPress versions prior to 1.2.7 Description The Conditional Menus plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF in all versions up to and including 1.2.6. The issue stems from the absence of non...

CVE-2023-2654

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-2654

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-2654 Conditional Menus < 1.2.1 - Reflected XSS

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-2654 Conditional Menus < 1.2.1 - Reflected XSS

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2023-20716 · WordPress · Conditional Menus

Name of the Vulnerable Software and Affected Versions: Conditional Menus WordPress plugin versions prior to 1.2.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly escaped before being outputted back in an attribute. This...

WordPress Plugin Conditional Menus 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Conditional Menus Plugin < 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software Conditional Menus Type Plugin Vulnerable versions 1.2.1 Fixed in 1.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2654 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0dced483a914 Credits Erwan LR WPScan Requir...

Conditional Menus < 1.2.1 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the HTML code below '...