Lucene search
K

8 matches found

CNVD
CNVD
added 2025/10/13 12:0 a.m.5 views

WordPress BP Direct Menus plugin cross-site scripting vulnerability

WordPress BP Direct Menus plugin is a menu management plugin for WordPress, which is mainly used to realize the quick jump function of menu items. WordPress BP Direct Menus plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of the bpdmlogi...

6.4CVSS6.2AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31681

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.0018EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/01 4:23 a.m.11 views

CVE-2025-10189

The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdmlogin' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5AI score0.0018EPSS
Exploits0References1
NVD
NVD
added 2025/09/30 11:37 a.m.4 views

CVE-2025-10189

The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdmlogin' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0018EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/30 3:35 a.m.3 views

CVE-2025-10189 BP Direct Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdmlogin' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.0018EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/30 3:35 a.m.7 views

CVE-2025-10189 BP Direct Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The BP Direct Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bpdmlogin' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.0018EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/30 12:29 a.m.6 views

WordPress BP Direct Menus plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BP Direct Menus versions = 1.0.0...

6.4CVSS5.6AI score0.0018EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/30 12:0 a.m.4 views

WordPress plugin BP Direct Menus 跨站脚本漏洞

WordPress BP Direct Menus plugin is a menu management plugin for WordPress, which is mainly used to realize the quick jump function of menu items. WordPress BP Direct Menus plugin has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of the bpdmlogi...

6.4CVSS6.1AI score0.0018EPSS
Exploits0References2
Rows per page
Query Builder