WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds (Patchstack Alliance) in WordPress Plugin Hero Mega Menu - Responsive WordPress Menu Plugin versions <= 1.16.5...
WordPress Hero Menu plugin <= 1.16.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Bonds (Patchstack Alliance) in WordPress Plugin Hero Mega Menu - Responsive WordPress Menu Plugin versions <= 1.16.5...
CVE-2024-37274
Cross-Site Request Forgery (CSRF) vulnerability in Rui Guerreiro WP Mobile Menu (mobile-menu) allows Cross Site Request Forgery. This issue affects WP Mobile Menu: from n/a through <= 2.8.4.3...
CVE-2024-37274
CVE-2024-37274 concerns the WordPress plugin WP Mobile Menu (Freshlight Lab), which has a CSRF vulnerability. Public details indicate the issue affects WP Mobile Menu versions up to 2.8.4.3, allowing cross-site request forgery. The description from the CVE and corroborating records states a CSRF vulnerab...
WordPress plugin WP Mobile Menu cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site request forge...
CVE-2024-49698
Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo (best-restaurant-menu-by-pricelisto). This issue affects Best Restaurant Menu by PriceListo: from n/a through <= 1.4.2...
CVE-2024-49694 WordPress My Wp Brand – Hide menu & Hide Plugin plugin <= 1.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in imw3 My Wp Brand (my-wp-brand). This issue affects My Wp Brand: from n/a through <= 1.1.2...
CVE-2024-49698 WordPress Great Restaurant Menu WP plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo (best-restaurant-menu-by-pricelisto). This issue affects Best Restaurant Menu by PriceListo: from n/a through <= 1.4.2...
CVE-2024-49698
CVE-2024-49698 refers to WordPress plugin Best Restaurant Menu by PriceListo (aka Great Restaurant Menu WP) with vulnerable version
PT-2024-33647 · Imw3 · My Wp Brand – Hide Menu & Hide Plugin
Name of the Vulnerable Software and Affected Versions: My Wp Brand – Hide menu & Hide Plugin versions 1.1.2 and below Description: A Missing Authorization vulnerability is present in the imw3 My Wp Brand – Hide menu & Hide Plugin. This issue allows for unauthorized access. Recommendations: For...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the admin/auth/menu and /admin/auth/extensions components due to improper user input sanitization. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicio...
CVE-2024-54775
Dcat-Admin v2.2.0-beta and v2.2.2-beta contain a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions...
Dcat Admin security vulnerability
Dcat Admin is a backend system builder based on the secondary development of laravel-admin by Jiang Qinghua. A security vulnerability exists in Dcat Admin v2.2.0-beta and v2.2.2-beta, which was discovered to contain a cross-site scripting vulnerability via /admin/auth/menu and...
Start menu may stop responding if December 2024 or newer security updates installed on Windows 11
Start menu within a Windows 11 VDI session may not respond for some users after installing Microsoft's December 2024 or newer security updates (TPV-6122). Solution: This issue is fixed in the Citrix Virtual Apps and Desktops 7 2503 and newer versions. If users are using LTSR or older versions of Citr...
WordPress plugin Full Screen Menu for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-16556 · WordPress · Full Screen Menu For Elementor
Name of the Vulnerable Software and Affected Versions: Full Screen Menu for Elementor plugin for WordPress versions up to, and including, 1.0.7 Description: The Full Screen Menu for Elementor plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts ca...
WordPress Full Screen Menu for Elementor plugin <= 1.0.7 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Full Screen Menu for Elementor versions <= 1.0.7...
Digiteam security vulnerability
Digiteam is a sales digitization and gamification mobile solution from Digiteam, Inc. A security vulnerability exists in Digiteam version v4.21.0.0 that stems from improper access control in the endpoint /RoleMenuMapping/AddRoleMenu. An attacker can exploit the vulnerability to elevate privileges...