3948 matches found

Positive Technologies
added 2024/06/06 12:0 a.m. · 4 views

PT-2024-28704 · WordPress · Wp Mobile Menu

Name of the Vulnerable Software and Affected Versions: The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress versions up to, and including, 2.8.4.2 Description: The issue is related to Stored Cross-Site Scripting via image alt text due to insufficient input sanitization an...

5.4 CVSS · 5.9 AI score · 0.00272 EPSS
Exploits 0 · References 8
Positive Technologies
added 2024/06/06 12:0 a.m. · 3 views

PT-2024-28840 · WordPress · Post Blocks +5

Name of the Vulnerable Software and Affected Versions: Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress versions up to, and including, 2.2.80 Description: The issue is related to Stored Cross-Site Scripting via the class...

6.4 CVSS · 5.9 AI score · 0.00263 EPSS
Exploits 0 · References 7
OSV
added 2024/06/05 1:15 p.m. · 4 views

CVE-2024-5459

The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'addsection', 'addmenu', 'addmenuitem', and 'addmenupage' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated...

4.3 CVSS · 5.8 AI score · 0.00368 EPSS
Exploits 0 · References 6
NVD
added 2024/06/05 1:15 p.m. · 21 views

CVE-2024-5459

The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'addsection', 'addmenu', 'addmenuitem', and 'addmenupage' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated...

4.3 CVSS · 4.3 AI score · 0.00368 EPSS
Exploits 0 · References 6
Patchstack
added 2024/06/05 3:12 a.m. · 3 views

WordPress Restaurant Menu and Food Ordering plugin <= 2.4.16 - Missing Authorization to Menu Creation vulnerability

Missing Authorization to Menu Creation vulnerability discovered by Lucio Sá in WordPress Plugin Five Star Restaurant Menu (versions <= 2.4.16)...

4.3 CVSS · 7 AI score · 0.00368 EPSS
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/06/05 12:0 a.m. · 11 views

Restaurant Menu and Food Ordering < 2.4.17 - Missing Authorization to Menu Creation

Description: The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'addsection', 'addmenu', 'addmenuitem', and 'addmenupage' functions in all versions up to, and including, 2.4.16. This makes it possible for...

4.3 CVSS · 6.4 AI score · 0.00368 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/06/05 12:0 a.m. · 10 views

WordPress Five Star Restaurant Menu Plugin <= 2.4.16 is vulnerable to Broken Access Control

Software: Five Star Restaurant Menu · Type: Plugin · Vulnerable versions: <= 2.4.16 · Fixed in: 2.4.17 · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-5459 · Patch priority: Low · CVSS severity: Low (4.3) · Developer: Claim ownership · PSID: d3ee7a9da89d · Credits: Lucio Sá · Required...

4.3 CVSS · 6.6 AI score · 0.00368 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/06/05 12:0 a.m. · 4 views

PT-2024-29756 · WordPress · Themesflat Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting in the Themesflat Addons For Elementor plugin for WordPress. This is due to insufficien...

6.4 CVSS · 6.1 AI score · 0.00425 EPSS
Exploits 0 · References 16
GithubExploit
added 2024/06/03 2:49 a.m. · 396 views

Exploit for CVE-2024-4956

7.5 CVSS · 8.2 AI score · 0.18245 EPSS
Exploits 16
Vulnrichment
added 2024/05/31 6:40 a.m. · 15 views

CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode

The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...

6.4 CVSS · 5.8 AI score · 0.00321 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/05/30 12:0 a.m. · 4 views

PT-2024-27424 · WordPress · Login Logout Register Menu

Name of the Vulnerable Software and Affected Versions: Login Logout Register Menu plugin for WordPress versions up to, and including, 2.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'llrmloginlogout' shortcode...

6.4 CVSS · 6.9 AI score · 0.00267 EPSS
Exploits 0 · References 5
GithubExploit
added 2024/05/29 4:0 a.m. · 447 views

Exploit for Open Redirect in King-Theme Kingcomposer

6.1 CVSS · 6.3 AI score · 0.0428 EPSS
Exploits 4
WPVulnDB
added 2024/05/29 12:0 a.m. · 12 views

The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce < 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget

Description: The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied...

6.4 CVSS · 5.7 AI score · 0.00273 EPSS
Exploits 0 · References 1 · Affected Software 1
GithubExploit
added 2024/05/24 7:14 a.m. · 322 views

Exploit for CVE-2023-5089

5.3 CVSS · 5.5 AI score · 0.02235 EPSS
Exploits 3
Tenable Nessus
added 2024/05/24 12:0 a.m. · 38 views

ManageEngine ServiceDesk Plus MSP < 14.7 Build 14720

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspcve-2024-27314 advisory. - A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin...

2.4 CVSS · 5.2 AI score · 0.01908 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/05/24 12:0 a.m. · 42 views

ManageEngine SupportCenter Plus < 14.7 Build 14720

The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the support-centercve-2024-27314 advisory. - A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin role...

2.4 CVSS · 5.2 AI score · 0.01908 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/05/24 12:0 a.m. · 88 views

ManageEngine ServiceDesk Plus < 14.7 Build 14730

The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.7 Build 14730. It is, therefore, affected by a vulnerability as referenced in the service-deskcve-2024-27314 advisory. - A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin role to...

2.4 CVSS · 5.2 AI score · 0.01908 EPSS
Exploits 0 · References 2
OSV
added 2024/05/23 11:15 a.m. · 1 views

CVE-2024-4378

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

5.4 CVSS · 5.9 AI score · 0.00329 EPSS
Exploits 0 · References 4
CVE
added 2024/05/23 1:56 a.m. · 73 views

CVE-2024-1855

CVE-2024-1855 affects the WPCafe – Online Food Ordering, Restaurant Menu, Delivery and Reservations for WordPress. The vulnerability is a Server-Side Request Forgery (SSRF) in all versions up to 2.2.23, exploitable via the wpc_check_for_submission function. This allows unauthenticated attackers t...

5.3 CVSS · 5.7 AI score · 0.00436 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/05/23 12:0 a.m. · 4 views

WordPress plugin Premium Addons for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability exists in...

6.4 CVSS · 5.5 AI score · 0.00329 EPSS
Exploits 0 · References 5