3944 matches found

CNNVD
added 2025/06/05 12:0 a.m. · 3 views

SourceCodester Food Menu Manager Security Vulnerability

SourceCodester Food Menu Manager is a SourceCodester open source food menu manager. A security vulnerability exists in SourceCodester Food Menu Manager version 1.0, which stems from improper manipulation of the parameters name and description by the component Add Menu Handler, which could lead to...

CVSS 5.4 · AI score 4.4 · EPSS 0.00264
Exploits 1 · References 6

Positive Technologies
added 2025/06/05 12:0 a.m. · 4 views

PT-2025-23881 · Sourcecodester · Sourcecodester Food Menu Manager

Name of the Vulnerable Software and Affected Versions: SourceCodester Food Menu Manager version 1.0 Description: A problematic issue has been found in the software, affecting some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the...

CVSS 5.4 · AI score 3.6 · EPSS 0.00264
Exploits 1 · References 9

NVD
added 2025/06/02 3:15 a.m. · 11 views

CVE-2025-5426

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. The attack can be launched remotely. The...

CVSS 6.5 · EPSS 0.00342
Exploits 1 · References 4

Vulnrichment
added 2025/06/02 3:0 a.m. · 5 views

CVE-2025-5426 juzaweb CMS Menu Page menus access control

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. The attack can be launched remotely. The...

CVSS 6.5 · AI score 6.8 · EPSS 0.00342
Exploits 1 · References 4

Positive Technologies
added 2025/06/02 12:0 a.m. · 4 views

PT-2025-23456 · Unknown · Juzawebcms

Name of the Vulnerable Software and Affected Versions: juzaweb CMS versions up to 3.4.2 Description: A critical issue was found in the juzaweb CMS, affecting an unknown functionality of the file /admin-cp/menus of the component Menu Page. This leads to improper access controls, allowing remote...

CVSS 6.5 · AI score 6.2 · EPSS 0.00342
Exploits 1 · References 8

RedhatCVE
added 2025/05/23 11:56 a.m. · 5 views

CVE-2025-0214

A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenuid leads to sql injection. The attack may be initiated remotely. The...

CVSS 4.3 · AI score 7.3 · EPSS 0.00328
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 11:40 a.m. · 4 views

CVE-2025-24714

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu bubble-menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through = 4.0.2...

CVSS 5.4 · AI score 7.2 · EPSS 0.00191
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 11:39 a.m. · 9 views

CVE-2025-24724

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite side-menu-lite allows Cross Site Request Forgery. This issue affects Side Menu Lite: from n/a through = 5.3.1...

CVSS 5.4 · AI score 7.2 · EPSS 0.00175
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 11:34 a.m. · 5 views

CVE-2025-0220

A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVSS 5.1 · AI score 6 · EPSS 0.00399
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 10:47 a.m. · 3 views

CVE-2024-9366

The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acces...

CVSS 6.4 · AI score 5.8 · EPSS 0.00256
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 10:17 a.m. · 12 views

CVE-2024-32746

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module...

CVSS 4.6 · AI score 5.7 · EPSS 0.00454
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 10:17 a.m. · 5 views

CVE-2024-32340

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE parameter under the Menu module...

CVSS 9.6 · AI score 5.8 · EPSS 0.00711
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 10:16 a.m. · 5 views

CVE-2024-30953

A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...

CVSS 6.1 · AI score 5.6 · EPSS 0.00404
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 10:13 a.m. · 6 views

CVE-2024-40604

An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries...

CVSS 4.8 · AI score 5.7 · EPSS 0.00319
Exploits 1

RedhatCVE
added 2025/05/23 10:13 a.m. · 11 views

CVE-2024-40602

An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries...

CVSS 6.1 · AI score 5.6 · EPSS 0.00281
Exploits 0

RedhatCVE
added 2025/05/23 9:38 a.m. · 6 views

CVE-2024-24134

Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section...

CVSS 4.8 · AI score 6.1 · EPSS 0.00718
Exploits 3 · References 1

RedhatCVE
added 2025/05/23 9:29 a.m. · 5 views

CVE-2024-7380

The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajaxgeolocatemenu and ajaxgeolocateremovemenu functions in all versions up to, and including, 8.7.3. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.9 · EPSS 0.00266
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:24 a.m. · 3 views

CVE-2024-3206

The Different Menu in Different Pages – Control Menu Visibility All in One plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5 · EPSS 0.0056
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:24 a.m. · 4 views

CVE-2024-3987

The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVSS 5.4 · AI score 6 · EPSS 0.00272
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:19 a.m. · 2 views

CVE-2024-1399

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVSS 6.4 · AI score 4.9 · EPSS 0.00274
Exploits 0 · References 1