CVE-2023-1575
The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Cross site scripting
The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-1575 Mega Main Menu <= 2.2.2 - Authenticated (Administrator+) Cross-Site Scripting
The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-1575
The CVE-2023-1575 entry describes a Stored XSS flaw in the Mega Main Menu WordPress plugin up to version 2.2.2, stemming from insufficient input sanitization and output escaping. Exploitation requires authenticated admin-level access and affects multisite installs or sites with unfiltered_html di...
PT-2023-17091 · WordPress · Mega Main Menu
Name of the Vulnerable Software and Affected Versions: Mega Main Menu plugin for WordPress versions up to, and including, 2.2.2 Description: The issue is related to Stored Cross-Site Scripting via some of the plugin's settings parameters due to insufficient input sanitization and output escaping...
WordPress Plugin Mega Main Menu Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
March 28, 2023—KB5023778 (OS Build 22621.1485) Preview
March 28, 2023—KB5023778 OS Build 22621.1485 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to...
CVE-2023-0395
The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0395 menu shortcode <= 1.0 - Contributor+ Stored XSS via Shortcode
The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin menu shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-1594
CVE-2023-1594 affects novel-plus 3.6.2, specifically the MenuService in sys/menu/list. The root cause is improper handling of the sort argument, enabling SQL injection. Exploitation is possible remotely, and public exploit information exists. Several sources (NVD, Red Hat, CNNVD, OSV, etc.) concu...
PT-2023-17103 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.2 Description: A critical vulnerability was found in the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to SQL injection. It is possible to launch the attack remotely...
novel-plus SQL Injection Vulnerability
novel-plus is a multi-end PC, WAP reading, full-featured original literature CMS system. A SQL injection vulnerability exists in novel-plus version 3.6.2, which originates from a security issue in the function MenuService in file sys/menu/list, which leads to an SQL injection via the...
WordPress TH Side Cart and Menu Cart for Woocommerce Plugin <= 1.1.1 is vulnerable to Broken Access Control
Software: TH Side Cart and Menu Cart for Woocommerce; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-25969; Patch priority: Low; CVSS severity: Low 5.4; PSID: 10817e38fa3d; Credits...
WordPress If Menu Plugin <= 0.16.3 is vulnerable to Broken Access Control
Software: If Menu; Type: Plugin; Vulnerable versions: <= 0.16.3; Fixed in: 0.17.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-41698; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 6fd87b73bf2d; Credits: Nguyen Anh Tien; Required...
CVE-2023-1392
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function savemenu. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public a...
PT-2023-16950 · Unknown · Sourcecodester Online Pizza Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Pizza Ordering System version 1.0 Description: A critical issue has been found, affecting the save menu function, which leads to unrestricted upload. The attack can be launched remotely. Recommendations: For SourceCodest...
Online Pizza Ordering System Code Issue Vulnerability
Online Pizza Ordering System is an online pizza ordering system by Carlo Montero Personal Developer. A code issue vulnerability exists in SourceCodester Online Pizza Ordering System version 1.0, which stems from a security issue in the function savemenu that results in unrestricted uploads...
Persistence – Context Menu
The context menu provides shortcuts to the user in order to perform a number of actions. The context menu is invoked with a right mouse click…