3948 matches found
CVE-2023-0257
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input...
CVE-2023-0257 SourceCodester Online Food Ordering System Menu Form unrestricted upload
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input...
Online Food Ordering System code issue vulnerability
Online Food Ordering System is an online food ordering system. Online Food Ordering System suffers from an arbitrary file upload vulnerability, which stems from a lack of validation of the uploaded file in the file /fos/admin/index.php?page=menu of the component Menu Form, and can be exploited by...
WordPress Mega Main Menu Plugin <= 2.2.2 is vulnerable to Sensitive Data Exposure
Software: Mega Main Menu | Type: Plugin | Vulnerable versions: <= 2.2.2 | Fixed in: N/A | OWASP Top 10: A3: Sensitive Data Exposure | Classification: Sensitive Data Exposure | CVE: N/A | Patch priority: Medium | CVSS severity: Medium 5.3 | Developer: Claim ownership | PSID: f8d7f453705f | Credits: indoushka | Required privilege...
PT-2023-16117 · Unknown · Sourcecodester Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Ordering System version 2.0 Description: A critical issue affects an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input...
CVE-2023-22959
WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php txtFirstName, txtLastName...
CVE-2022-4707
The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates,...
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
Improper access control
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
CVE-2022-4711 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
WordPress Mega Main Menu 2.2.2 Information Disclosure
Title: WordPress Menu Plugin - Mega Main Menu v2.2.2 unauthorized backup download Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro ...
Royal Elementor Addons < 1.3.60 - Menu Template Creation via CSRF
The plugin does not have CSRF check when creating menu templates, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
Royal Elementor Addons < 1.3.60 - Subscriber+ Mega Menu Settings Update
The plugin does not have authorisation and CSRF checks when updating the mega menu settings, which could allow any authenticated user, such as subscriber to perform such action...
WordPress plugin Royal Elementor Addons cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-15173 · WordPress · Royal Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is related to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action. This allows any authenticated user,...
PT-2023-15150 · WordPress · Royal Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is due to missing nonce validation in the wpr_create_mega_menu_template AJAX function, allowing unauthenticated attackers to create...
VulnCheck KEV: CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify...
WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin < 2.3.6 is vulnerable to Cross Site Scripting (XSS)
Software: Restaurant Menu – Food Ordering System – Table Reservation | Type: Plugin | Vulnerable versions: < 2.3.6 | Fixed in: 2.3.6 | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2022-4657 | Patch priority: Medium | CVSS severity: Medium 6.3 | Developer: Claim ownership | PSI...