CVE-2025-1332
FastCMS ≤ 0.1.5 is affected by a cross-site scripting vulnerability in the Template Menu component (file /fastcms.html#/template/menu). The issue arises from unknown code in that path and is exploitable remotely; exploit has been disclosed publicly. Public details across sources indicate no versi...
CVE-2025-1332 FastCMS Template Menu menu cross site scripting
A vulnerability has been found in FastCMS up to 0.1.5 and classified as problematic. This vulnerability affects unknown code of the file /fastcms.html/template/menu of the component Template Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit ha...
FastCMS code injection vulnerability
FastCMS is a content management system from FastCMS Inc. A code injection vulnerability exists in FastCMS 0.1.5 and earlier versions; it originates in the file /fastcms.html/template/menu of the Template Menu component and can lead to cross-site scripting attacks...
PT-2025-6877 · Fastcms · Fastcms
Name of the Vulnerable Software and Affected Versions: FastCMS versions up to 0.1.5 Description: A vulnerability has been found in the Template Menu component of FastCMS, affecting unknown code of the file /fastcms.html/template/menu. The manipulation leads to cross-site scripting. The attack can...
CVE-2025-26543
Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS. This issue affects Simple Responsive Menu: from n/a through <= 2.1...
CVE-2025-24692
Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through <= 1.3...
CVE-2025-24692 WordPress Bulk Menu Edit plugin <= 1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in M.Code Bulk Menu Edit bulk-menu-edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through <= 1.3...
CVE-2025-24692
CVE-2025-24692 affects Bulk Menu Edit (WordPress plugin) up to version 1.3, with a Missing/Broken Authorization vulnerability that allows exploitation of configured access control to access or alter data. The CVSS 3.1 score is 7.1 (High) with network attack vector, low privileges required, no use...
CVE-2025-26543 WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu simple-responsive-menu allows Stored XSS. This issue affects Simple Responsive Menu: from n/a through <= 2.1...
CVE-2025-26543
CVE-2025-26543 refers to a CSRF-to-Stored XSS in the WordPress plugin Simple Responsive Menu (
CVE-2025-26543 WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Pukhraj Suthar Simple Responsive Menu allows Stored XSS. This issue affects Simple Responsive Menu: from n/a through 2.1...
WordPress Simple Responsive Menu plugin <= 2.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Simple Responsive Menu versions <= 2.1...
CVE-2025-1166
A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been...
WordPress plugin Simple Responsive Menu cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2025-26348
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP reques...
PT-2025-7137 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions prior to 2.11.0 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as SQL Injection. This occurs in the maxprofile/menu/model.lua file, specifically a...
SourceCodester Multi Restaurant Table Reservation System injection vulnerability
SourceCodester Multi Restaurant Table Reservation System is a multi-restaurant table reservation system from SourceCodester, Inc. An injection vulnerability exists in version 1.0 of the SourceCodester Multi Restaurant Table Reservation System, which stems from an SQL injection vulnerability...
Q-Free MAXTIME Suite access control error vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/menu/routes.lua. An...