59 matches found
CVE-2025-9493
The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
CVE-2025-9493
CVE-2025-9493 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Admin Menu Editor. The root cause is insufficient input sanitization and output escaping for the placeholder parameter, enabling an authenticated attacker with Author-level access or higher to inject scrip...
CVE-2025-9493 Admin Menu Editor <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter
The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
CVE-2025-9493 Admin Menu Editor <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter
The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...
WordPress Admin Menu Editor plugin <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via placeholder Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Menu Editor versions = 1.14...
WordPress plugin Admin Menu Editor 跨站脚本漏洞
WordPress Admin Menu Editor plugin is a plugin for customizing and managing backend menus, supporting reordering, hiding/showing menu items, modifying permissions and more. WordPress Admin Menu Editor plugin suffers from a cross-site scripting vulnerability that stems from insufficient input...
CVE-2024-30953
A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...
CVE-2024-24876
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
htmly 2.9.9 Cross Site Scripting
Exploit Title: Stored XSS in "Edit Profile" - htmlyv2.9.9 Date: 9/2024 Exploit Author: Andrey Stoykov Version: 2.9.9 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/09/friday-fun-pentest-series-11-stored-xss.html Stored XSS 1: Steps to Reproduce: 1. Login as author 2. Browse to...
CVE-2024-30953
A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...
CVE-2024-30953
A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...
PT-2024-23690 · Htmly · Htmly
Name of the Vulnerable Software and Affected Versions: Htmly version 2.9.5 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of the Menu Editor module. Recommendations: For Htm...
CVE-2024-30953
A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...
CVE-2024-30953
CVE-2024-30953 is a stored XSS in Htmly v2.9.5, exploitable via a crafted payload injected into the Link Name parameter of the Menu Editor. Affected component: Menu Editor in Htmly 2.9.5; root cause is insufficient sanitization of the Link Name input, enabling arbitrary script execution in the vi...
CVE-2024-30953
A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...
CVE-2024-24876
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
CVE-2024-24876
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
CVE-2024-24876 WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
CVE-2024-24876
CVE-2024-24876 is a CSRF vulnerability in the WordPress plugin Admin Menu Editor affecting versions