Malicious code in @electra-web/settings-menu (npm)
--- -= Per source details. Do not edit below this line.=-...
WordPress Food Menu plugin <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by abrahack in WordPress Plugin Food Menu – Restaurant Menu & Online Ordering for WooCommerce versions <= 5.1.4...
CVE-2024-13415
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-13415 Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with...
CVE-2024-13415
CVE-2024-13415 – WordPress Food Menu plugin : The Food Menu – Restaurant Menu & Online Ordering for WooCommerce for WordPress contains a missing capability check in the response() function across versions up to 5.1.4, enabling authenticated attackers with Subscriber-level access and above to modi...
WordPress plugin Food Menu security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Automatically Hierarchic Categories in Menu versions <= 2.0.7...
WordPress Bulk Menu Edit plugin <= 1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin Bulk Menu Edit versions <= 1.3...
The vulnerability of the Responsive and off-canvas menu module in the Drupal CMS system, related to improper authentication, allows attackers to bypass security restrictions and execute a Forceful Browsing attack.
The vulnerability of the Responsive and off-canvas menu module in the Drupal CMS system is related to improper authentication. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...
WordPress Altra Side Menu plugin <= 2.0 - Arbitrary Menu Deletion via CSRF vulnerability
Arbitrary Menu Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Altra Side Menu versions <= 2.0...
WordPress Altra Side Menu plugin <= 2.0 - Admin+ SQL Injection vulnerability
Admin+ SQL Injection vulnerability discovered by Régis SENET in WordPress Plugin Altra Side Menu versions <= 2.0...
CVE-2024-12774
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...
CVE-2024-12773
The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2024-12773
The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2024-12774
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...
CVE-2024-12774 Altra Side Menu <= 2.0 - Arbitrary Menu Deletion via CSRF
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...
CVE-2024-12774 Altra Side Menu <= 2.0 - Arbitrary Menu Deletion via CSRF
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...
CVE-2024-12774
CVE-2024-12774 affects the Altra Side Menu WordPress plugin (≤ v2.0). It stems from missing CSRF checks, potentially allowing logged-in admins to delete arbitrary menus via CSRF. No explicit patch or mitigation details are provided in the connected documents; monitor for updates and consider rest...
CVE-2024-12773 Altra Side Menu <= 2.0 - Admin+ SQL Injection
The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2024-12773
CVE-2024-12773 affects the WordPress plugin Altra Side Menu (versions up to 2.0). The issue arises when an input parameter is not sanitized/escaped before being used in a SQL statement, enabling admins to perform SQL injection. The CVE notes an in-site impact of high severity (base CVSS 3.1 score...