3948 matches found
CVE-2024-3206 Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication
The Different Menu in Different Pages – Control Menu Visibility All in One plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with...
CVE-2024-3206 Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication
The Different Menu in Different Pages – Control Menu Visibility All in One plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with...
WordPress Side Menu Lite plugin < 4.2.1 - Menu Deletion via CSRF vulnerability
Menu Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Side Menu Lite versions 4.2.1...
WordPress Float menu plugin < 6.0.1 - Menu Deletion via CSRF vulnerability
Menu Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Float menu versions 6.0.1...
CVE-2024-3476
The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-3476
The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-2405
The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack...
CVE-2024-3476 Side Menu Lite < 4.2.1 - Menu Deletion via CSRF
The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-3476 Side Menu Lite < 4.2.1 - Menu Deletion via CSRF
The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-2405 Float menu < 6.0.1 - Menu Deletion via CSRF
The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack...
CVE-2024-2405 Float menu < 6.0.1 - Menu Deletion via CSRF
The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack...
WordPress Float menu Plugin < 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Float menu Type Plugin Vulnerable versions 6.0.1 Fixed in 6.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2405 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 80605a5ac1fe Credits Erwan LR WPScan Required...
WordPress Plugin ElementsKit Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Side Menu Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Side Menu Lite Plugin < 4.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Side Menu Lite Type Plugin Vulnerable versions 4.2.1 Fixed in 4.2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3476 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 570b701cebb0 Credits Bob Matyas Required...
PT-2024-26287 · WordPress · Elementskit Pro
Name of the Vulnerable Software and Affected Versions: ElementsKit Pro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server. This can be used to...
WordPress plugin Float menu 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-24379 · WordPress · The Different Menu In Different Pages – Control Menu Visibility
Name of the Vulnerable Software and Affected Versions: The Different Menu in Different Pages – Control Menu Visibility All in One plugin for WordPress versions up to, and including, 2.3.2 Description: The issue is related to unauthorized access due to a missing capability check on the ajax...
WordPress plugin Control Menu Visibility 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-33423
Cross-Site Scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...