Lucene search
+L

32 matches found

EUVD
EUVD
added 11 hours ago3 views

EUVD-2026-45149

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

5.3CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added 11 hours ago9 views

CVE-2026-13402 Royal Elementor Addons < 1.7.1063 - Unauthenticated Private Mega Menu Template Disclosure

The Royal Addons for Elementor WordPress plugin before 1.7.1063 does not check the post status of menu items or the templates they reference in one of its REST endpoints, allowing unauthenticated users to retrieve the rendered HTML content of private or draft Elementor templates linked from...

Exploits0References1
CVE
CVE
added 2026/06/24 5:33 a.m.13 views

CVE-2026-8688

The CVE pertains to the WordPress plugin Advance Nav Menu Manager (

4.3CVSS5.8AI score0.00227EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.38 views

CVE-2026-8688 Advance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX Action

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00227EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51684

Name of the Vulnerable Software and Affected Versions Advance Nav Menu Manager versions prior to 1.4 Description The Advance Nav Menu Manager plugin for WordPress contains an authorization bypass. The issue occurs because the plugin fails to properly verify if a user is authorized to perform...

4.3CVSS5.6AI score0.00227EPSS
Exploits0References13
CVE
CVE
added 2026/06/20 6:27 p.m.24 views

CVE-2026-56347

CVE-2026-56347 affects the AVideo TopMenu plugin up to version 26.0. The issue is a stored cross-site scripting vulnerability in menu item rendering caused by missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fiel...

6.1CVSS5.7AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-6744

Malware in sbrugna...

6.5CVSS6.6AI score0.00805EPSS
Exploits0References2
CNVD
CNVD
added 2023/10/13 12:0 a.m.4 views

RiteCMS Cross-Site Scripting Vulnerability (CNVD-2026-05345)

RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary code in the Main Menu Items of the Administration Menu via a specially crafted payload...

5.4CVSS6.1AI score0.00488EPSS
Exploits1References1
Huntr
Huntr
added 2023/09/28 5:29 p.m.15 views

CSRF Delete Navigation Menu Items

Description CSRF Delete Navigation Menu Items Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User click, deletes unwanted Navigation Menu Items Payload Poc...

7.1AI score0.0024EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2023/09/28 3:15 p.m.3 views

CVE-2023-43878

Rite CMS 3.0 has Multiple Cross-Site scripting XSS vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu...

5.4CVSS6.3AI score0.00488EPSS
Exploits1References2
Prion
Prion
added 2023/09/28 3:15 p.m.30 views

Cross site scripting

Rite CMS 3.0 has Multiple Cross-Site scripting XSS vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu...

4.9CVSS5.7AI score0.00488EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/28 12:0 a.m.10 views

PT-2023-29023 · Ritecms · Ritecms

Name of the Vulnerable Software and Affected Versions: Rite CMS version 3.0 Description: The issue allows attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. This is a result of Multiple Cross-Site scripting XSS vulnerabilities...

5.4CVSS5.3AI score0.00488EPSS
Exploits1References7
OSV
OSV
added 2023/01/27 9:15 p.m.4 views

CVE-2023-0554

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...

4.3CVSS5.7AI score0.00368EPSS
Exploits1References3
Prion
Prion
added 2023/01/27 9:15 p.m.20 views

Cross site request forgery (csrf)

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...

4.3CVSS4.5AI score0.00368EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/27 8:28 p.m.11 views

CVE-2023-0554 Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...

8.1CVSS5.8AI score0.00368EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/12/26 12:28 p.m.33 views

CVE-2021-24942 Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...

7.5AI score0.01225EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/11/01 12:0 a.m.7 views

WordPress 插件跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Restaurant Menu by MotoPress Plugin in version 2.4.0 and earlier has a cross-site scripting...

4.8CVSS5.4AI score0.00622EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/09/28 12:0 a.m.619 views

Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Click on "Add New" under Restaurant Menu Plugin. Give any random title like...

4.8CVSS0.4AI score0.00622EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2020/04/08 10:15 p.m.33 views

CVE-2016-5254

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service heap memory corruption and application crash by leveraging keyboard access to use the Alt...

7.5CVSS6AI score0.02953EPSS
Exploits0References2
CNVD
CNVD
added 2019/07/05 12:0 a.m.3 views

Odoo Access Control Error Vulnerability (CNVD-2019-21437)

Odoo is an Enterprise Resource Planning ERP and Customer Relationship Management CRM system from Odoo Belgium. The system is developed in Python language, PostgreSQL as the database, and includes modules for sales management, inventory management, financial management and so on. An access control...

6.5CVSS7AI score0.00805EPSS
Exploits0References1
Rows per page
Query Builder