CVE-2024-28003 WordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Megamenu Max Mega Menu. This issue affects Max Mega Menu: from n/a through 3.3...
CVE-2024-28003
CVE-2024-28003 affects the WordPress plugin Max Mega Menu up to version 3.3 (inclusive). Root cause: a missing authorization check in the sandbox() function enables “broken access control,” allowing unauthorised or limited-privilege actions by authenticated users (e.g., subscriber l...
WordPress Plugin Max Mega Menu Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Theme Networker Security Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Networker 1.1.9 and earlier versions, which stems...
WordPress Max Mega Menu Plugin <= 3.3 is vulnerable to Broken Access Control
Software: Max Mega Menu; Type: Plugin; Vulnerable versions: <= 3.3; Fixed in: 3.3.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-28003; Patch priority: Low; CVSS severity: Low (5.4); PSID: 3ddcba15780a; Credits: Rafie Muhammad Patchstack; Require...
Super Page Cache for Cloudflare < 4.7.6 - Cross-Site Request Forgery
Description: The Super Page Cache for Cloudflare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7.5. This is due to missing or incorrect nonce validation on the adminmenupageindex function. This makes it possible for unauthenticated attackers t...
CVE-2024-29089 WordPress Restaurant Menu and Food Ordering plugin <= 2.4.14 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS. This issue affects Five Star Restaurant Menu: from n/a through 2.4.14...
CVE-2024-29089
CVE-2024-29089 is a Stored XSS vulnerability in Five Star Restaurant Menu (WordPress plugin) affecting versions up through 2.4.14. The issue stems from improper input neutralization during web page generation, enabling stored cross-site scripting. The linked Red Hat/Wordfence entries confirm the ...
WordPress Plugin Restaurant Menu and Food Ordering Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2024-22709 · Unknown · Five Star Restaurant Menu
Name of the Vulnerable Software and Affected Versions: Five Star Restaurant Menu versions through 2.4.14. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS, which can be exploited by...
SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Click SendPress in the Admin menu...
PT-2024-21041 · Unknown · Pandaxgo Pandax
Name of the Vulnerable Software and Affected Versions: PandaXGO PandaX up to 20240310. Description: A critical issue was found in the function InsertRole of the file /apps/system/services/role menu.go. The manipulation of the argument roleKey leads to SQL injection. It is possible to initiate the...
WordPress Five Star Restaurant Menu Plugin <= 2.4.14 is vulnerable to Cross Site Scripting (XSS)
Software: Five Star Restaurant Menu; Type: Plugin; Vulnerable versions: <= 2.4.14; Fixed in: 2.4.15; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29089; Patch priority: Low; CVSS severity: Low (6.5); PSID: c610b96fa701; Credits: Steven Julian; Required...
RiteCMS Cross-Site Scripting Vulnerability (CNVD-2025-21552)
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the component mainmenu/editsection, which can be exploited by an attacker to...
RiteCMS Cross-Site Scripting Vulnerability
RiteCMS is an open source content management system based on PHP and SQLite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the component mainmenu/editsection, which can be exploited by an attacker to...
PT-2024-22496 · Ritecms · Ritecms
Name of the Vulnerable Software and Affected Versions: RiteCMS version 3.0.0. Description: A cross-site scripting (XSS) issue was found in the main menu/edit section component. This allows for potential XSS attacks. Recommendations: For RiteCMS version 3.0.0, consider disabling access to the main...
CVE-2024-2354
A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclos...
PT-2024-19930 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3. Description: A problematic issue was found in the software, affecting an unknown function of the file /admin/menu/toEdit. The manipulation of the id argument leads to cross-site request forgery. It is possible to...
WinFiHack - A Windows Wifi Brute Forcing Utility Which Is An Extremely Old Method But Still Works Without The Requirement Of External Dependencies
WinFiHack is a recreational attempt by me to rewrite my previous project Brute-Hacking-Framework's main wifi hacking script that uses netsh and native Windows scripts to create a wifi bruteforcer. This is in no way a fast script nor a superior way of doing the same hack but it needs no external...
CVE-2024-2211
Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu...