CVE-2023-23983
The CVE-2023-23983 entry describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin wpdevart Responsive Vertical Icon Menu (
WordPress plugin Responsive Vertical Icon Menu Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin...
PT-2023-20566 · Unknown · Stagil Navigation For Jira - Menu & Themes
Name of the Vulnerable Software and Affected Versions: STAGIL Navigation for Jira - Menu & Themes plugin versions prior to 2.0.52 for Jira Description: The issue is an unauthenticated path traversal vulnerability. It affects the ability to access and read the file system by modifying the fileName...
PT-2023-20565 · Unknown · Stagil Navigation For Jira - Menu & Themes
Name of the Vulnerable Software and Affected Versions: STAGIL Navigation for Jira - Menu & Themes plugin versions prior to 2.0.52 for Jira Description: An unauthenticated path traversal issue affects the plugin. By modifying the fileName parameter to the "snjCustomDesignConfig" endpoint, it is...
CVE-2023-26256
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system...
CVE-2023-26256
STAGIL Navigation for Jira Menu & Themes plugin (Jira)
[SECURITY] Fedora 37 Update: kmenuedit-5.27.1-1.fc37
KDE menu editor...
Music Gallery Site 1.0 SQL Injection
Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerability. Date: 21 February 2023 CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad...
CVE-2022-4385
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...
CVE-2022-4386
The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user into changing the menu order via a CSRF attack...
CVE-2022-4622
The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Authorization
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...
Cross site request forgery (csrf)
The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user into changing the menu order via a CSRF attack...
CVE-2022-4622 Login Logout Menu <= 1.3.3 - Contributor+ Stored XSS in Shortcode
The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4622
The CVE-2022-4622 issue affects the WordPress plugin Login Logout Menu (versions
CVE-2022-4385 Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...
CVE-2022-4385
Summary: The WordPress plugin Intuitive Custom Post Order (
WordPress Login Logout Menu Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)
Software: Login Logout Menu; Type: Plugin; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2022-4622; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 93394eba834d; Credits: Lana Codes; Require...