Lucene search
K

59 matches found

NVD
NVD
added 2025/09/06 4:16 a.m.6 views

CVE-2025-9493

The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

6.4CVSS0.00223EPSS
Exploits0References4
CVE
CVE
added 2025/09/06 3:22 a.m.26 views

CVE-2025-9493

CVE-2025-9493 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Admin Menu Editor. The root cause is insufficient input sanitization and output escaping for the placeholder parameter, enabling an authenticated attacker with Author-level access or higher to inject scrip...

6.4CVSS4.7AI score0.00223EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/06 3:22 a.m.10 views

CVE-2025-9493 Admin Menu Editor <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter

The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

6.4CVSS0.00223EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/06 3:22 a.m.5 views

CVE-2025-9493 Admin Menu Editor <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter

The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

6.4CVSS4.7AI score0.00223EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/09/06 12:12 a.m.9 views

WordPress Admin Menu Editor plugin <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via placeholder Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Menu Editor versions = 1.14...

6.4CVSS5.6AI score0.00223EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/06 12:0 a.m.3 views

WordPress plugin Admin Menu Editor 跨站脚本漏洞

WordPress Admin Menu Editor plugin is a plugin for customizing and managing backend menus, supporting reordering, hiding/showing menu items, modifying permissions and more. WordPress Admin Menu Editor plugin suffers from a cross-site scripting vulnerability that stems from insufficient input...

6.4CVSS6AI score0.00223EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 10:16 a.m.7 views

CVE-2024-30953

A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...

6.1CVSS5.6AI score0.00404EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:52 a.m.8 views

CVE-2024-24876

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

8.8CVSS6.3AI score0.00214EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/09/19 12:0 a.m.422 views

htmly 2.9.9 Cross Site Scripting

Exploit Title: Stored XSS in "Edit Profile" - htmlyv2.9.9 Date: 9/2024 Exploit Author: Andrey Stoykov Version: 2.9.9 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/09/friday-fun-pentest-series-11-stored-xss.html Stored XSS 1: Steps to Reproduce: 1. Login as author 2. Browse to...

7.4AI score
Exploits0
NVD
NVD
added 2024/04/17 7:15 p.m.16 views

CVE-2024-30953

A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...

6.1CVSS5.4AI score0.00404EPSS
Exploits1References1
OSV
OSV
added 2024/04/17 12:0 a.m.4 views

CVE-2024-30953

A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...

6.1CVSS5.7AI score0.00404EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.4 views

PT-2024-23690 · Htmly · Htmly

Name of the Vulnerable Software and Affected Versions: Htmly version 2.9.5 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of the Menu Editor module. Recommendations: For Htm...

6.1CVSS5.6AI score0.00404EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/04/17 12:0 a.m.13 views

CVE-2024-30953

A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...

5.6AI score0.00404EPSS
Exploits1References1
CVE
CVE
added 2024/04/17 12:0 a.m.57 views

CVE-2024-30953

CVE-2024-30953 is a stored XSS in Htmly v2.9.5, exploitable via a crafted payload injected into the Link Name parameter of the Menu Editor. Affected component: Menu Editor in Htmly 2.9.5; root cause is insufficient sanitization of the Link Name input, enabling arbitrary script execution in the vi...

6.1CVSS5.6AI score0.00404EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/04/17 12:0 a.m.24 views

CVE-2024-30953

A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...

5.5AI score0.00404EPSS
Exploits1References1
OSV
OSV
added 2024/02/21 7:15 a.m.3 views

CVE-2024-24876

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

8.8CVSS7.3AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2024/02/21 7:15 a.m.21 views

CVE-2024-24876

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

8.8CVSS4.6AI score0.00214EPSS
Exploits0References1
Prion
Prion
added 2024/02/21 7:15 a.m.11 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

4.3CVSS7.5AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 6:54 a.m.27 views

CVE-2024-24876 WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

4.3CVSS7AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2024/02/21 6:54 a.m.80 views

CVE-2024-24876

CVE-2024-24876 is a CSRF vulnerability in the WordPress plugin Admin Menu Editor affecting versions

8.8CVSS6.3AI score0.00214EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder