130 matches found
CVE-2019-15865
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF...
CVE-2025-3748
The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pnchainmenu shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin WP Food ordering and Restaurant Menu security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Restaurant Menu by MotoPress plugin <= 2.4.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by muhammad yudha in WordPress Plugin Restaurant Menu by MotoPress versions <= 2.4.4...
CVE-2025-27281 WordPress All In Menu Plugin <= 1.1.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in cookforweb All In Menu all-in-menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through <= 1.1.5...
CVE-2024-13780 Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion
The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenudeletemenu function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete...
CVE-2022-3776
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as formsaction, setoption...
WordPress Food Menu plugin <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability discovered by abrahack in WordPress Plugin Food Menu – Restaurant Menu & Online Ordering for WooCommerce versions <= 5.1.4...
CVE-2024-13415
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-13415 Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-13415
CVE-2024-13415 – WordPress Food Menu plugin: The Food Menu – Restaurant Menu & Online Ordering for WooCommerce for WordPress contains a missing capability check in the response() function across versions up to 5.1.4, enabling authenticated attackers with Subscriber-level access and above to modi...
WordPress plugin Food Menu security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Automatically Hierarchic Categories in Menu versions <= 2.0.7...
WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Khang Duong in WordPress Plugin Bubble Menu – circle floating menu versions <= 4.0.2...
CVE-2024-49300
CVE-2024-49300 is a Reflected XSS in the WordPress plugin Hero Mega Menu - Responsive WordPress Menu Plugin, affecting versions up to 1.16.5. The connected Red Hat entry and PT/ENISA notes indicate the vulnerability exists; a public patch/remediation is not detailed in the provided docs, but one ...
CVE-2024-49300 WordPress Hero Menu plugin <= 1.16.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...
WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Hero Mega Menu - Responsive WordPress Menu Plugin versions <= 1.16.5...
PT-2024-33647 · Imw3 · My Wp Brand – Hide Menu & Hide Plugin
Name of the Vulnerable Software and Affected Versions: My Wp Brand – Hide menu & Hide Plugin versions 1.1.2 and below Description: A Missing Authorization vulnerability is present in the imw3 My Wp Brand – Hide menu & Hide Plugin. This issue allows for unauthorized access. Recommendations: For...
CVE-2024-7894
The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license...