CVE-2026-32456

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through = 1.14.1...

WordPress The Ultimate WordPress Toolkit - WP Extended plugin <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module vulnerability

WordPress The Ultimate WordPress Toolkit - WP Extended plugin = 3.2.4 - Authenticated Subscriber+ Privilege Escalation via Menu Editor Module vulnerability discovered by Hung Nguyen yoriss - VN in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.2.4...

CVE-2026-4314 The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $SERVER'REQUESTURI' to...

CVE-2026-4314

The CVE concerns The Ultimate WordPress Toolkit – WP Extended plugin for WordPress (up to version 3.2.4). In the Menu Editor module, isDashboardOrProfileRequest() uses an insecure strpos() check against $_SERVER['REQUEST_URI'] to detect dashboard/profile requests. The grantVirtualCaps() function ...

CVE-2026-4314 The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $SERVER'REQUESTURI' to...

PT-2026-26965

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $ SERVER'REQUEST URI' t...

EUVD-2026-12011

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through = 1.14.1...

CVE-2026-32456

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through = 1.14.1...

CVE-2026-32456

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through = 1.14.1...

CVE-2026-32456 WordPress Admin Menu Editor plugin <= 1.14.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through = 1.14.1...

CVE-2026-32456 WordPress Admin Menu Editor plugin <= 1.14.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through = 1.14.1...

CVE-2026-32456

The CVE concerns the WordPress plugin Admin Menu Editor (admin-menu-editor) with versions up to and including 1.14.1, reporting a Cross-Site Request Forgery (CSRF) vulnerability. The connected records only state the issue as a CSRF vulnerability affecting Admin Menu Editor and do not provide tech...

PT-2026-25300

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through = 1.14.1...

WordPress plugin Admin Menu Editor 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

WordPress Admin Menu Editor plugin <= 1.14.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by timomangcut in WordPress Plugin Admin Menu Editor versions = 1.14.1...

CVE-2022-0625

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

EUVD-2022-15722

Malicious code in bioql PyPI...

EUVD-2024-22239

Malicious code in bioql PyPI...

WordPress Admin Menu Editor plugin cross-site scripting vulnerability

WordPress Admin Menu Editor plugin is a plugin for customizing and managing backend menus, supporting reordering, hiding/showing menu items, modifying permissions and more. WordPress Admin Menu Editor plugin suffers from a cross-site scripting vulnerability that stems from insufficient input...

CVE-2025-9493

The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...