WordPress Menu Item Scheduler Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Menu Item Scheduler Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 85b80b505402 Credits Rafie Muhammad Patchstack Required...

Aures Booking And POS Terminal Local Privilege Escalation

Document Title: =============== Aures Booking & POS Terminal - Local Privilege Escalation References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2323 Release Date: ============= 2023-07-17 Vulnerability Laboratory ID VL-ID: ====================================...

VulnCheck KEV: CVE-2023-26256

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system...

WordPress Advance Menu Manager Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Advance Menu Manager Type Plugin Vulnerable versions = 3.0.5 Fixed in 3.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 720e04a5ed64 Credits Rafie Muhammad Patchstack...

WordPress User Menus – Nav Menu Visibility Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software User Menus – Nav Menu Visibility Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Code Atlantic LLC PSID 1af27071833c Credits Rafie Muhamma...

WordPress Menu Image, Icons made easy Plugin < 3.10 is vulnerable to Cross Site Scripting (XSS)

Software Menu Image, Icons made easy Type Plugin Vulnerable versions 3.10 Fixed in 3.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 25e0bdea54af Credits Rafie Muhammad Patchstac...

WordPress Iks Menu – WordPress Category Accordion Menu Plugin < 1.11.2 is vulnerable to Cross Site Scripting (XSS)

Software Iks Menu – WordPress Category Accordion Menu Type Plugin Vulnerable versions 1.11.2 Fixed in 1.11.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 241c584c7b9d Credits Raf...

WordPress WP Mobile Menu Plugin < 2.8.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Mobile Menu Type Plugin Vulnerable versions 2.8.4 Fixed in 2.8.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b62d186dca99 Credits Rafie Muhammad Patchstack Required...

WordPress Menu Manager Ultra Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software Menu Manager Ultra Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c9e315056b69 Credits Rafie Muhammad Patchstack...

WordPress FullScreen Menu – Mobile Friendly and Responsive Plugin < 2.3.8 is vulnerable to Cross Site Scripting (XSS)

Software FullScreen Menu – Mobile Friendly and Responsive Type Plugin Vulnerable versions 2.3.8 Fixed in 2.3.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c0779bc8b91 Credits...

FiveStarPlugins Restaurant Menu and Food Ordering < 2.4.7 - Cross-Site Request Forgery

Description The plugin does not properly validate user-supplied input uses nonces, leading to a potential Cross-Site Request Forgery vulnerability...

WordPress Smart Admin Menu Filter Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Smart Admin Menu Filter Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6bdc701a1bda Credits Rafie Muhammad Patchstack...

CVE-2023-37985

Cross-Site Request Forgery CSRF vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin = 2.4.6 versions...

CVE-2023-37985

Cross-Site Request Forgery CSRF vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin = 2.4.6 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin = 2.4.6 versions...

CVE-2023-37985 WordPress Five Star Restaurant Menu Plugin <= 2.4.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin = 2.4.6 versions...

CVE-2023-37985

Technical details beyond the Initial Description are not provided in the connected documents. CVE-2023-37985 is described as a CSRF vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin

WordPress plugin FiveStarPlugins Restaurant Menu and Food Ordering 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Bubble Menu < 3.0.5 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Click on the "Add new" tab. 2...

PT-2023-26298 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a maliciou...