130 matches found

Vulnrichment
added 2024/12/07 1:45 a.m. · 10 views

CVE-2024-7894 If Menu <= 0.19.1 - Missing Authorization to License Key Update

The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to delete or modify the license...

CVSS 5.3 · AI score 7 · EPSS 0.00381
Exploits 0 · References 3
Patchstack
added 2024/12/06 1:15 p.m. · 3 views

WordPress If Menu plugin <= 0.19.1 - Missing Authorization to License Key Update vulnerability

Missing Authorization to License Key Update vulnerability discovered by Marco Wotschka in WordPress Plugin If Menu versions <= 0.19.1...

CVSS 5.3 · AI score 7 · EPSS 0.00381
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/11/19 4:31 p.m. · 13 views

CVE-2024-51849 WordPress My Restaurant Menu plugin <= 0.2.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Piarulli My Restaurant Menu my-restaurant-menu allows Stored XSS. This issue affects My Restaurant Menu: from n/a through <= 0.2.0...

CVSS 6.5 · EPSS 0.00295
Exploits 0 · References 1
NVD
added 2024/10/08 10:15 a.m. · 5 views

CVE-2024-8433

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'themehunkmegamenubgimage' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · EPSS 0.00255
Exploits 0 · References 4
Cvelist
added 2024/10/08 9:33 a.m. · 19 views

CVE-2024-8433 Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'themehunkmegamenubgimage' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · EPSS 0.00255
Exploits 0 · References 4
Patchstack
added 2024/09/30 9:54 a.m. · 2 views

WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin Automatically Hierarchic Categories in Menu versions <= 2.0.5...

CVSS 6.5 · AI score 6.1 · EPSS 0.00193
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/09/24 12:0 a.m. · 5 views

PT-2024-39011 · Themehunk · Easy Mega Menu Plugin

Name of the Vulnerable Software and Affected Versions: Easy Mega Menu Plugin for WordPress – ThemeHunk plugin versions up to, and including, 1.0.9. Description: The issue arises from a missing capability check on several functions hooked via AJAX, allowing authenticated attackers with...

CVSS 4.3 · AI score 7.1 · EPSS 0.00232
Exploits 0 · References 11
Patchstack
added 2024/06/07 2:2 a.m. · 3 views

WordPress WP Mobile Menu plugin <= 2.8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt vulnerability discovered by stealthcopter in WordPress Plugin WP Mobile Menu versions <= 2.8.4.2...

CVSS 5.4 · AI score 5.8 · EPSS 0.00338
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/06/07 12:0 a.m. · 4 views

WordPress plugin WP Mobile Menu security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4 · AI score 6.1 · EPSS 0.00338
Exploits 0 · References 3
OSV
added 2024/06/05 1:15 p.m. · 3 views

CVE-2024-5459

The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'addsection', 'addmenu', 'addmenuitem', and 'addmenupage' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated...

CVSS 4.3 · AI score 5.8 · EPSS 0.00204
Exploits 0 · References 6
OSV
added 2024/05/02 6:15 a.m. · 2 views

CVE-2024-2405

The Float menu WordPress plugin before 6.0.1 does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete arbitrary menus via a CSRF attack...

CVSS 4.5 · AI score 5.9
Exploits 0 · References 1
CNNVD
added 2024/05/02 12:0 a.m. · 2 views

WordPress plugin Float menu security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 4.5 · AI score 6.4 · EPSS 0.00214
Exploits 2 · References 2
Patchstack
added 2024/04/16 12:0 a.m. · 7 views

WordPress Superfly Menu Plugin <= 5.0.25 is vulnerable to Cross Site Scripting (XSS)

Software: Superfly Menu; Type: Plugin; Vulnerable versions: <= 5.0.25; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32553; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 6079596969f5; Credits: Dave Jong (Patchstack); Required...

CVSS 7.1 · AI score 6.5 · EPSS 0.0021
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/04/11 12:0 a.m. · 15 views

Float menu < 6.0.1 - Menu Deletion via CSRF

Description: The plugin does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete arbitrary menus via a CSRF attack. PoC: Make a logged-in admin open a page with the code below; this will make them delete the menu with ID 1:...

AI score 6.7 · EPSS 0.00214
Exploits 2 · Affected Software 1
OSV
added 2023/11/20 7:15 p.m. · 1 views

CVE-2023-5340

The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog...

CVSS 9.8 · AI score 7.3 · EPSS 0.01033
Exploits 2 · References 1
NVD
added 2023/10/30 2:15 p.m. · 10 views

CVE-2023-5565

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 · AI score 5.7 · EPSS 0.00077
Exploits 1 · References 2
Vulnrichment
added 2023/10/30 1:48 p.m. · 5 views

CVE-2023-5565 Shortcode Menu <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 6.4 · AI score 6.8 · EPSS 0.00077
Exploits 1 · References 2
NVD
added 2023/10/02 9:15 a.m. · 10 views

CVE-2023-44479

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions...

CVSS 5.9 · AI score 5.4 · EPSS 0.00063
Exploits 0 · References 1
NVD
added 2023/08/30 1:15 p.m. · 12 views

CVE-2023-33929

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3 versions...

CVSS 5.9 · AI score 5.4 · EPSS 0.00083
Exploits 0 · References 1
Prion
added 2023/08/30 1:15 p.m. · 16 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3 versions...

CVSS 4.3 · AI score 4.8 · EPSS 0.00083
Exploits 0 · References 1 · Affected Software 1