CVE-2024-12773 Altra Side Menu <= 2.0 - Admin+ SQL Injection

The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

WordPress plugin Altra Side Menu 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-1949

Name of the Vulnerable Software and Affected Versions Altra Side Menu WordPress plugin through 2.0 Description The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in admins delete arbitrary menus via a CSRF attack. This could potentially be...

PT-2025-1948 · WordPress · Altra Side Menu

Name of the Vulnerable Software and Affected Versions: Altra Side Menu WordPress plugin versions 2.0 and earlier Description: The issue allows admins to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. Recommendations: Altra Side Menu...

WordPress plugin Altra Side Menu 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-24724

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Side Menu Lite side-menu-lite allows Cross Site Request Forgery.This issue affects Side Menu Lite: from n/a through = 5.3.1...

CVE-2025-24714

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Bubble Menu – circle floating menu bubble-menu allows Cross Site Request Forgery.This issue affects Bubble Menu – circle floating menu: from n/a through = 4.0.2...

CVE-2025-24724

CVE-2025-24724 refers to a CSRF vulnerability in the Wow-Company Side Menu Lite WordPress plugin, affecting versions up to 5.3.1. The issue enables Cross-Site Request Forgery to trigger settings changes. CVSS metrics shown (3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) indicate a Medium impact...

CVE-2025-24724 WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Side Menu Lite side-menu-lite allows Cross Site Request Forgery.This issue affects Side Menu Lite: from n/a through = 5.3.1...

CVE-2025-24714 WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Bubble Menu – circle floating menu bubble-menu allows Cross Site Request Forgery.This issue affects Bubble Menu – circle floating menu: from n/a through = 4.0.2...

CVE-2025-24714

CVE-2025-24714 — Cross-Site Request Forgery in the WordPress plugin “Bubble Menu – circle floating menu” (affecting versions up to 4.0.2). Technical detail from sources shows the issue is a CSRF vulnerability capable of unauthorized actions on behalf of an authenticated user. Patch/mitigation: up...

CVE-2025-0698

A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been classified as critical. Affected is an unknown function of the file /admin/sys/menu/list. The manipulation of the argument sort/order leads to sql injection. It is possible to launch the...

CVE-2025-0698 JoeyBling bootplus list sql injection

A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been classified as critical. Affected is an unknown function of the file /admin/sys/menu/list. The manipulation of the argument sort/order leads to sql injection. It is possible to launch the...

CVE-2025-0698

CVE-2025-0698 affects JoeyBling bootplus, with a SQL injection in the internal endpoint /admin/sys/menu/list caused by manipulating the sort/order parameter. The vulnerability is exploitable remotely and has publicly disclosed exploits. Affected is an unknown function within the file; no version ...

WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Khang Duong in WordPress Plugin Bubble Menu – circle floating menu versions = 4.0.2...

WordPress Side Menu Lite Plugin <= 5.3.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Khang Duong in WordPress Plugin Side Menu Lite versions = 5.3.1...

WordPress plugin Side Menu Lite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress plugin Bubble Menu – circle floating menu 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Bubble Menu - circle floating menu A...

bootplus 注入漏洞

bootplus is a permission management framework by JoeyBling Personal Developer. An injection vulnerability exists in bootplus, which stems from the parameter sort/order in the file /admin/sys/menu/list that causes SQL injection...

PT-2025-5538 · Unknown · Side Menu Lite

Name of the Vulnerable Software and Affected Versions: Side Menu Lite versions through 5.3.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into...