CVE-2024-49333 WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...
CVE-2024-49333
CVE-2024-49333 is a SQL injection vulnerability in the WordPress plugin Hero Mega Menu - Responsive WordPress Menu Plugin. It affects versions
PT-2025-2824 · WordPress · Hero Mega Menu - Responsive Wordpress Menu Plugin
Name of the Vulnerable Software and Affected Versions: Hero Mega Menu - Responsive WordPress Menu Plugin versions 1.16.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an...
WordPress plugin Hero Mega Menu SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2025-2825 · WordPress · Hero Mega Menu
Name of the Vulnerable Software and Affected Versions: Hero Mega Menu - Responsive WordPress Menu Plugin versions 1.16.5 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...
PT-2025-2826 · WordPress · Hero Mega Menu - Responsive Wordpress Menu Plugin
Name of the Vulnerable Software and Affected Versions: Hero Mega Menu - Responsive WordPress Menu Plugin versions n/a through 1.16.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...
WordPress plugin Hero Mega Menu cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Hero Mega Menu SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress LJ Custom Menu Links Plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin LJ Custom Menu Links versions <= 2.5...
WordPress Admin Menu Organizer plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Zlrqh in WordPress Plugin Admin Menu Organizer versions <= 1.0.1...
CVE-2024-13266
Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing. This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4...
CVE-2024-13266 Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030
Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing. This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4...
CVE-2024-13266
CVE-2024-13266 affects Drupal Responsive and off-canvas menu (versions 0.0.0 through 4.4.3). The issue is an Incorrect Authorization vulnerability that enables Forceful Browsing and may bypass node access restrictions in menus. A fix is available in 4.4.4 and later; upgrade to 4.4.4+ or apply the...
CVE-2025-0345
A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the...
PT-2025-3840 · Unknown · Leiyuxi Cy-Fast
Name of the Vulnerable Software and Affected Versions: leiyuxi cy-fast version 1.0 Description: A critical vulnerability exists in the listData function within the /sys/menu/listData file. Manipulation of the argument order leads to a SQL injection, potentially allowing for remote attacks. The...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in the Drupal Responsive and off-canvas menu prior to version 4.4.4, which stems from the inclusion of an authorization error vulnerability...
CVE-2024-40748
Lack of output escaping in the id attribute of menu lists...
CVE-2024-40748 [20250102] - Core - XSS vector in the id attribute of menu lists
Lack of output escaping in the id attribute of menu lists...
CVE-2024-40748 [20250102] - Core - XSS vector in the id attribute of menu lists
Lack of output escaping in the id attribute of menu lists...
CVE-2024-40748
CVE-2024-40748 is confirmed in Joomla! core as a cross-site scripting (XSS) vector in the id attribute of menu lists. Multiple connected sources describe lack of output escaping in the id attribute, with no specific exploit details or fixes provided in the documents. The CVSSv3.1 base score is 7....