CVE-2024-43113

The CVE concerns Mozilla Firefox for iOS with versions older than 129. The issue arises from improper validation in the link context menu, enabling cross-site scripting via the contextual menu for links. Affected component: Firefox for iOS; root cause: input validation flaw in link context menu; ...

CVE-2024-3238 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion

The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajaxhandledeleteicons function. This makes it possible for unauthenticate...

CVE-2024-3238 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion

The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajaxhandledeleteicons function. This makes it possible for unauthenticate...

CVE-2024-3238

CVE-2024-3238 affects the WordPress Menu Plugin — Superfly Responsive Menu. The vulnerability is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the ajax_handle_delete_icons() function, allowing unauthenticated attackers to delete arbitrary files if a site admin is tr...

WordPress Superfly Responsive Menu plugin <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by M.Awad in WordPress Plugin Superfly Menu versions = 5.0.29...

WordPress Superfly Menu Plugin <= 5.0.29 is vulnerable to Cross Site Request Forgery (CSRF)

Software Superfly Menu Type Plugin Vulnerable versions = 5.0.29 Fixed in 5.0.30 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3238 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 281e95564a8a Credits M.Awad Required...

WordPress plugin Superfly Responsive Menu 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-24541 · WordPress · Superfly Responsive Menu

Name of the Vulnerable Software and Affected Versions: WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress versions up to and including 5.0.29 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the ajax handle...

CVE-2024-2508

The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savemenuitemicon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the 'mobmenuicon' post meta to...

CVE-2024-2508 WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification

The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savemenuitemicon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the 'mobmenuicon' post meta to...

CVE-2024-2508 WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification

The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savemenuitemicon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the 'mobmenuicon' post meta to...

CVE-2024-2508

CVE-2024-2508 affects the WordPress plugin WP Mobile Menu (versions up to 2.8.4.4). The vulnerability arises from a missing capability check in the save_menu_item_icon function, enabling unauthenticated attackers to modify data by adding the post meta key '_mobmenu_icon' with a crafted value on a...

WordPress WP Mobile Menu plugin <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification vulnerability

Missing Authorization to mobmenuicon Post Meta Modification vulnerability discovered by 1337Wannabe in WordPress Plugin WP Mobile Menu versions = 2.8.4.4...

CVE-2024-7277

A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be...

WordPress WP Mobile Menu Plugin <= 2.8.4.4 is vulnerable to Broken Access Control

Software WP Mobile Menu Type Plugin Vulnerable versions = 2.8.4.4 Fixed in 2.8.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2508 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a69747222ff0 Credits 1337Wannabe Required privileg...

WordPress plugin WP Mobile Menu 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-20731 · WordPress · Wp Mobile Menu

Name of the Vulnerable Software and Affected Versions: WP Mobile Menu plugin for WordPress versions up to, and including, 2.8.4.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the save menu item icon function. This makes it possible for...

CVE-2024-7277 itsourcecode Alton Management System Add a Menu menu.php unrestricted upload

A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be...

itsourcecode Alton Management System 代码问题漏洞

itsourcecode Alton Management System is an online restaurant management system from itsourcecode. A code issue vulnerability exists in version 1.0 of itsourcecode Alton Management System, which stems from an unrestricted file upload vulnerability in the image function of the /admin/menu.php of th...

July 30, 2024—KB5040529 (OS Build 26100.1301) Preview

July 30, 2024—KB5040529 OS Build 26100.1301 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types.Note Follow @WindowsUpdate to find out when new content is published to the Windows release health dashboar...