3946 matches found
WordPress plugin Admin Menu Editor cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-27984
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menufilter parameter at /administrator/templates/default/html/windows/right.php...
CuppaCMS SQL injection vulnerability
CuppaCMS is a content management system (CMS). A SQL injection vulnerability exists in CuppaCMS v1.0, which originates from missing validation of external input used in SQL statements, via the menufilter parameter in /administrator/templates/default/html/windows/right.php. An attacker could use...
championspizzamenu.dk Cross Site Scripting vulnerability OBB-2529699
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Admin Menu Editor plugin <= 1.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Admin Menu Editor plugin versions <= 1.0.4. Solution: Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporary, pending a full review...
Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php?page=admin-menu-restriction&role="...
Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/options-general.php?page=admin-menu-restriction="...
WordPress Dropdown Menu Widget cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Dropdown Menu Widget has a cross-site scripting vulnerability that can be exploited by attackers ...
CVE-2021-25113
The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low-privilege users such as subscribers to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues...
WordPress plugin Dropdown Menu Widget cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Dropdown Menu Widget has a cross-site scripting vulnerability that can be exploited by attackers ...
CVE-2022-0450
The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticated users, such as subscribers, can update the settings or arbitrary menu and put Cross-Sit...
CVE-2022-0450
The CVE-2022-0450 entry concerns the WordPress plugin Menu Image, Icons made easy (versions before 3.0.6). The issue is improper authorization/CSRF protection and lack of input validation, sanitization, and escaping when saving menu settings. As a result, authenticated users (e.g., subscribers) c...
PT-2022-13194 · WordPress · The Menu Image
Name of the Vulnerable Software and Affected Versions: The Menu Image, Icons made easy WordPress plugin version 3.0.6 and earlier Description: The issue arises from the lack of authorization and CSRF checks when saving menu settings. Additionally, the settings are not validated, sanitized, and...
WordPress plugin Menu Image, Icons made easy cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...