EUVD-2025-31689

Malicious code in bioql PyPI...

EUVD-2024-51587

Malicious code in bioql PyPI...

EUVD-2024-49173

Malicious code in bioql PyPI...

EUVD-2023-44294

Malicious code in bioql PyPI...

EUVD-2023-57864

Malicious code in bioql PyPI...

WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Groovy Menu versions = 1.4.3...

CVE-2025-49436 WordPress Custom Menu plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thiudis Custom Menu allows Stored XSS. This issue affects Custom Menu: from n/a through 1.8...

WordPress plugin Custom Menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Custom Menu plugin <= 1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin Custom Menu versions = 1.8...

CVE-2024-1399

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVE-2024-13415

The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...

CVE-2024-8434

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...

CVE-2024-8433

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunkmegamenubgimage' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-12774

The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...

CVE-2023-33929

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Joaquín Ruiz Easy Admin Menu plugin = 1.3 versions...

CVE-2023-44479

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jim Krill WP Jump Menu plugin = 3.6.4 versions...

CVE-2023-3225

The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-3650

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

CVE-2021-24971

The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wprliveupdate AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's settings and perform...

CVE-2020-29045

The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdmcart cookie in loadcartfromcookie in includes/class-cart-manager.php...