CVE-2023-32516

Unauth. Reflected Cross-Site Scripting XSS vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin = 2.3.6 versions...

CVE-2023-3650

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

WordPress plugin Bubble Menu cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

CVE-2023-37985

Cross-Site Request Forgery CSRF vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin = 2.4.6 versions...

CVE-2023-37985 WordPress Five Star Restaurant Menu Plugin <= 2.4.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin = 2.4.6 versions...

CVE-2023-23791

Cross-Site Request Forgery CSRF vulnerability in HasThemes HT Menu plugin = 1.2.1 versions...

CVE-2023-3225

The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Float menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin Float menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...

WordPress Easy Admin Menu Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)

Software Easy Admin Menu Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-33929 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d28d5c2d98dc Credits Rio Darmawan Required...

CVE-2023-23870

CVE-2023-23870 affects the WordPress plugin wpdevart Responsive Vertical Icon Menu (versions ≤ 1.5.8). The vulnerability is a Stored Cross-Site Scripting (XSS) that requires authentication with admin or higher privileges. The issue stems from the plugin’s handling of input in its menu/icon functi...

WordPress plugin Responsive Vertical Icon Menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-0395

The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress If Menu Plugin <= 0.16.3 is vulnerable to Broken Access Control

Software If Menu Type Plugin Vulnerable versions = 0.16.3 Fixed in 0.17.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-41698 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6fd87b73bf2d Credits Nguyen Anh Tien Required...

CVE-2023-23984

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Bubble Menu – circle floating menu plugin = 3.0.1 leading to form deletion...

WordPress Plugin Wow-Company Bubble Menu – circle floating menu 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Wow-Company Bubble Menu -...

CVE-2023-23983

The CVE-2023-23983 entry describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin wpdevart Responsive Vertical Icon Menu (

CVE-2022-4657

The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4657 Restaurant Menu < 2.3.6 - Contributor+ Stored XSS via Shortcode

The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress Mega Main Menu 2.2.2 Information Disclosure

==================================================================================================================================== | Title : WordPress Menu Plugin - Mega Main Menu v2.2.2 unauthorized backup download Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro ...