CVE-2024-10866 Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export

The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dspexportimportmenus function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings...

CVE-2024-10866 Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export

The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dspexportimportmenus function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings...

CVE-2024-12022

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-52485. Reason: This candidate is a reservation duplicate of CVE-2024-52485. Notes: All CVE users should reference CVE-2024-52485 instead of this candidate. All references and descriptions in this candidate have been...

CVE-2024-12022

...

CVE-2024-12022

CVE-2024-12022 entry is rejected and should not be used.

CVE-2024-12022

...

Joomla! 跨站脚本漏洞

Joomla! is a free, open source content management system open-sourced by Joomla! A security vulnerability exists in Joomla! that stems from a lack of output escaping for the id attribute of a menu list...

PT-2025-2598 · Joomla +2 · Joomla! +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a lack of output escaping in the id attribute of menu lists. This could potentially lead to issues where user input is not...

PT-2025-1729 · WordPress · Wp Menu Image

Name of the Vulnerable Software and Affected Versions: WP Menu Image plugin for WordPress versions up to, and including, 2.2 Description: The issue is related to a missing capability check on the wmi delete img menu function, which allows unauthenticated attackers to delete images from menus. Thi...

CVE-2025-0220

A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVE-2025-0220 Trimble SPS851 Ethernet Configuration Menu cross site scripting

A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVE-2025-0220

CVE-2025-0220 affects Trimble SPS851 v488.01 in the Ethernet Configuration Menu. The Hostname parameter manipulation triggers reflected cross-site scripting; remote exploitation is possible and the exploit has been disclosed publicly. Vendor response is noted as absent. Mitigation notes from PT-2...

CVE-2025-0220 Trimble SPS851 Ethernet Configuration Menu cross site scripting

A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

Trimble SPS851 代码注入漏洞

The Trimble SPS851 is a modular GPS receiver from Trimble. A code injection vulnerability exists in the Trimble SPS851 version 488.01, which stems from the parameter Hostname of the component Ethernet Configuration Menu that leads to cross-site scripting...

PT-2025-3790 · Trimble · Trimble Sps851

Name of the Vulnerable Software and Affected Versions: Trimble SPS851 version 488.01 Description: A problematic issue was found in the Ethernet Configuration Menu component of the affected software. The manipulation of the Hostname argument leads to cross-site scripting. It is possible to initiat...

CVE-2025-0214

A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenuid leads to sql injection. The attack may be initiated remotely. The...

CVE-2025-0214 TMD Custom Header Menu index.php sql injection

A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenuid leads to sql injection. The attack may be initiated remotely. The...

CVE-2025-0214

CVE-2025-0214 affects OpenCart/OpenCart module TMD Custom Header Menu 4.0.0.1. The vulnerability resides in the admin/index.php processing of the headermenu_id parameter, allowing SQL injection with remote access. Impact is stated as partial confidentiality/integrity/availability implications per...

CVE-2025-0214 TMD Custom Header Menu index.php sql injection

A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenuid leads to sql injection. The attack may be initiated remotely. The...

PT-2025-3786 · Unknown · Tmd Custom Header Menu

Name of the Vulnerable Software and Affected Versions: TMD Custom Header Menu version 4.0.0.1 Description: A problem was found in the processing of the file /admin/index.php. The manipulation of the headermenu id argument leads to SQL injection. The attack may be initiated remotely. The complexit...