PT-2025-4007 · Joeybling · Bootplus

Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus versions up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A critical issue has been found, allowing for remote SQL injection. The manipulation of the sort/order argument in an unknown function of the file...

PT-2025-5528 · Unknown · Bubble Menu

Name of the Vulnerable Software and Affected Versions: Bubble Menu – circle floating menu versions through 4.0.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions through 4.0.2, update to a version lat...

CVE-2025-23686

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phpdevca Admin Menu Organizer admin-menu-organizer allows Reflected XSS.This issue affects Admin Menu Organizer: from n/a through = 1.0.1...

CVE-2025-23686

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phpdevca Admin Menu Organizer admin-menu-organizer allows Reflected XSS.This issue affects Admin Menu Organizer: from n/a through = 1.0.1...

CVE-2025-23686

CVE-2025-23686 is a reported Reflected Cross-Site Scripting in the WordPress plugin Admin Menu Organizer , affecting versions from n/a up to 1.0.1 . The connected Red Hat and vulnerability catalog entries repeat the description but do not provide technical specifics such as vulnerable vectors, ro...

CVE-2025-23686 WordPress Admin Menu Organizer plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phpdevca Admin Menu Organizer admin-menu-organizer allows Reflected XSS.This issue affects Admin Menu Organizer: from n/a through = 1.0.1...

CVE-2025-23686 WordPress Admin Menu Organizer plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Callum Richards Admin Menu Organizer allows Reflected XSS. This issue affects Admin Menu Organizer: from n/a through 1.0.1...

WordPress plugin Admin Menu Organizer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

GHSA-79XX-VF93-P7CX Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet

Summary The researcher discovered zero-day vulnerability Cross-Site Scripting XSS vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response. Details When generating the HTML from an xlsx file containing multiple sheets, a navigation menu i...

CVE-2024-49333

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

CVE-2024-49303

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

CVE-2024-49300

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

CVE-2024-49300

CVE-2024-49300 is a Reflected XSS in the WordPress plugin Hero Mega Menu - Responsive WordPress Menu Plugin, affecting versions up to 1.16.5. The connected Red Hat entry and PT/ENISA notes indicate the vulnerability exists; a public patch/remediation is not detailed in the provided docs, but one ...

CVE-2024-49300 WordPress Hero Menu plugin <= 1.16.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

CVE-2024-49300 WordPress Hero Menu plugin <= 1.16.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

CVE-2024-49303 WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

CVE-2024-49333 WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

CVE-2024-49303

CVE-2024-49303 : SQL injection in the WordPress plugin Hero Mega Menu - Responsive WordPress Menu Plugin . Affected: versions

CVE-2024-49303 WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

CVE-2024-49333 WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...