CVE-2024-5459

The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'addsection', 'addmenu', 'addmenuitem', and 'addmenupage' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated...

CVE-2024-47365

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Atakan Au Automatically Hierarchic Categories in Menu automatically-hierarchic-categories-in-menu allows Stored XSS.This issue affects Automatically Hierarchic Categories in Menu: from n/a through ...

CVE-2024-29089

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS.This issue affects Five Star Restaurant Menu: from n/a through 2.4.14...

CVE-2024-32579

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation allows Stored XSS.This issue affects Restaurant Menu – Food Ordering System – Table Reservation: from n/a through 2.4.1...

CVE-2024-42380

The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application...

CVE-2024-49698

Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo best-restaurant-menu-by-pricelisto.This issue affects Best Restaurant Menu by PriceListo: from n/a through = 1.4.2...

CVE-2024-44587

itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombosave.php via the "menu" parameter...

CVE-2024-10866

The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dspexportimportmenus function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings...

CVE-2024-8092

The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-54310

Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu gou-wc-account-tabs allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Gou Manage My Account Menu: from n/a through = 1.0.1.8...

CVE-2024-51849

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marco Piarulli My Restaurant Menu my-restaurant-menu allows Stored XSS.This issue affects My Restaurant Menu: from n/a through = 0.2.0...

CVE-2024-33932

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vinod Dalvi Login Logout Register Menu allows Stored XSS.This issue affects Login Logout Register Menu: from n/a through 2.0...

CVE-2024-24876

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...

CVE-2024-28003

Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3...

CVE-2024-28142

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

CVE-2024-37274

Cross-Site Request Forgery CSRF vulnerability in Rui Guerreiro WP Mobile Menu mobile-menu allows Cross Site Request Forgery.This issue affects WP Mobile Menu: from n/a through = 2.8.4.3...

CVE-2024-13415

The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...

CVE-2024-2508

The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savemenuitemicon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the 'mobmenuicon' post meta to...

CVE-2024-8434

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...

CVE-2024-8433

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunkmegamenubgimage' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...