3946 matches found

RedhatCVE
added 2025/05/22 7:24 p.m., 8 views

CVE-2021-24971

The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wprliveupdate AJAX action, and does not sanitise and escape some of the submitted data. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform...

CVSS 5.4, AI score 6.1, EPSS 0.00591
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 6:46 p.m., 6 views

CVE-2021-40956

LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained...

CVSS 7.5, AI score 7.9, EPSS 0.00931
Exploits: 1
RedhatCVE
added 2025/05/22 6:34 p.m., 3 views

CVE-2021-24348

The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the did GET parameter and uses it in an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue...

CVSS 7.2, AI score 7.8, EPSS 0.01565
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 6:34 p.m., 10 views

CVE-2021-24339

The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter...

CVSS 5.4, AI score 5.7, EPSS 0.0076
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 6:23 p.m., 6 views

CVE-2021-24162

In the Responsive Menu free and Pro WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in...

CVSS 8.8, AI score 6.7, EPSS 0.00796
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 5:37 p.m., 4 views

CVE-2020-36746

The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswpsavemeta function. This makes it possible for unauthenticated attackers to save meta data via a forged reque...

CVSS 4.3, AI score 6.5, EPSS 0.00389
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 5:2 p.m., 5 views

CVE-2020-29045

The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdmcart cookie in loadcartfromcookie in includes/class-cart-manager.php...

CVSS 9.8, AI score 8.1, EPSS 0.30798
Exploits: 1
RedhatCVE
added 2025/05/22 5:0 p.m., 6 views

CVE-2020-20348

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module...

CVSS 5.4, AI score 5.6, EPSS 0.00514
Exploits: 1
RedhatCVE
added 2025/05/22 4:39 p.m., 7 views

CVE-2020-36553

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Areafoodtype field to /dashboard/menu-list.php...

CVSS 5.4, AI score 5.9, EPSS 0.00807
Exploits: 1
RedhatCVE
added 2025/05/22 4:31 p.m., 5 views

CVE-2020-24316

WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...

CVSS 6.1, AI score 6, EPSS 0.00866
Exploits: 1
RedhatCVE
added 2025/05/22 4:14 p.m., 6 views

CVE-2020-23239

Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature...

CVSS 4.8, AI score 5.9, EPSS 0.0051
Exploits: 1
RedhatCVE
added 2025/05/22 4:12 p.m., 5 views

CVE-2020-23234

Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...

CVSS 4.8, AI score 6, EPSS 0.00624
Exploits: 1
RedhatCVE
added 2025/05/22 4:11 p.m., 8 views

CVE-2020-11952

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu...

CVSS 6.2, AI score 7, EPSS 0.00527
Exploits: 3, References: 1
RedhatCVE
added 2025/05/22 4:6 p.m., 4 views

CVE-2020-18065

Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu...

CVSS 5.4, AI score 5.9, EPSS 0.00516
Exploits: 1
RedhatCVE
added 2025/05/22 3:54 p.m., 5 views

CVE-2020-19886

DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for an /index.php?dbhcmspid=-80=9 can delete any menu...

CVSS 8.1, AI score 7.1, EPSS 0.00439
Exploits: 1
RedhatCVE
added 2025/05/22 3:51 p.m., 3 views

CVE-2020-14988

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...

CVSS 5.4, AI score 6, EPSS 0.00578
Exploits: 1
RedhatCVE
added 2025/05/22 3:28 p.m., 5 views

CVE-2020-29469

WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu, and each time any user visits the website directory, the XSS triggers and the attacker can steal the cookie according to the...

CVSS 5.4, AI score 5.3, EPSS 0.01371
Exploits: 2
RedhatCVE
added 2025/05/22 3:22 p.m., 7 views

CVE-2020-25444

Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself" section under the "My Profile" page, (2) "Hotel Policy" field under the "Hotel Details" page, (3) "Pricing code" and "name" fields under the "Manage Tour" page, and (4) all t...

CVSS 5.4, AI score 6, EPSS 0.00594
Exploits: 0
RedhatCVE
added 2025/05/22 3:20 p.m., 6 views

CVE-2020-23700

Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature...

CVSS 4.8, AI score 5.9, EPSS 0.00589
Exploits: 1
RedhatCVE
added 2025/05/22 11:17 a.m., 4 views

CVE-2013-2704

Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences...

CVSS 6.8, AI score 6.8, EPSS 0.00954
Exploits: 0, References: 1