3948 matches found
WordPress Uber Menu plugin <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability discovered by stealthcopter in WordPress Plugin Uber Menu versions <= 3.8.2...
WordPress Uber Menu Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)
Software: Uber Menu; Type: Plugin; Vulnerable versions: <= 3.8.2; Fixed in: 3.8.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4710; Patch priority: Low; CVSS severity: Low (6.5); PSID: 50d8afce240c; Credits: stealthcopter; Required privile...
WordPress Plugin Uber Menu Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Information Disclosure
ezsystems/ezpublish-legacy is vulnerable to Information Disclosure. The vulnerability is caused due to the module not properly checking access permissions when rendering the content tree menu. This allows the tree menu to display hidden items to unauthorized users if they access the backend URL...
Exploit for Incorrect Authorization in Wpserveur Wps_Hide_Login
CVE-2024-4635 Menu Icons by ThemeIsle <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...
CVE-2024-4635
The vulnerability CVE-2024-4635 affects Menu Icons by ThemeIsle (WordPress plugin). In versions up to 0.13.13, stored cross-site scripting can be triggered via the add_mime_type function due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at auth...
WordPress Menu Icons by ThemeIsle plugin <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin Menu Icons by ThemeIsle versions <= 0.13.13...
WordPress plugin Menu Icons by ThemeIsle Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-2441
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...
CVE-2024-2441 VikBooking < 1.6.8 - Insecure Direct Object References
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they...
PT-2024-20389 · WordPress · Vikbooking Hotel Booking Engine & Pms
Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS WordPress plugin versions prior to 1.6.8 Description: The issue allows an authenticated user with subscriber privileges or above to bypass authorization and access settings they shouldn't be allowed to...
CVE-2024-33932
CVE-2024-33932 is a Stored XSS in the WordPress plugin Login Logout Register Menu, rooted in Improper Neutralization of Input During Web Page Generation. Affected range: Login Logout Register Menu: from n/a through 2.0. The connected Red Hat entry and project descriptions indicate the issue is an...
CVE-2023-38090
Kofax Power PDF popUpMenu Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2023-32136
D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
PT-2024-25565 · Vinod Dalvi · Login Logout Register Menu
Name of the Vulnerable Software and Affected Versions: Vinod Dalvi Login Logout Register Menu versions n/a through 2.0 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means that an attacker can...
CVE-2024-3500
The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...
CVE-2024-3206
The Different Menu in Different Pages – Control Menu Visibility All in One plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with...