3946 matches found
Cross site scripting
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0628 AP Mega Menu < 3.0.8 - Reflected Cross-Site Scripting
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0628
CVE-2022-0628 affects the WordPress plugin Mega Menu prior to version 3.0.8. The vulnerability stems from not sanitizing/escaping the _wpnonce parameter before echoing it on an admin page, enabling Reflected Cross-Site Scripting. Impact is a user/admin-page XSS exposure as described across NVD/Re...
WordPress plugin Mega Menu cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
CVE-2022-25602
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions <= 4.1.7...
CVE-2022-25602 WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions <= 4.1.7...
CVE-2022-25602
CVE-2022-25602 affects the WordPress Responsive Menu plugin (versions ≤ 4.1.7). A nonce token leak enables arbitrary file upload, theme deletion, and plugin settings changes. Multiple connected sources (Patchstack, WPVulndb, NVD/NVD-derived entries) corroborate the impact and prioritization as a ...
WordPress plugin Responsive Menu code issue vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. WordPress plugin Responsive Menu has a security vulnerability...
WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability
Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability discovered by Dave Jong (Patchstack) in WordPress Responsive Menu plugin versions <= 4.1.7. Solution: Update the WordPress Responsive Menu plugin to the latest available version (at least 4.1.8)...
WordPress WP Home Page Menu plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress WP Home Page Menu plugin versions prior to 3.1 contain a cross-site scripting vulnerability that stems from the plugin's failure to...
CVE-2022-0684
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0684 WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0684
CVE-2022-0684 affects the WordPress plugin “WP Home Page Menu” pre-3.1. The vulnerability stems from insufficient sanitisation/escaping of the plugin’s settings, enabling stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. The impact i...
WordPress Dropdown Menu Widget plugin <= 1.9.7 - Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability
Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Dropdown Menu Widget plugin versions <= 1.9.7. Solution: Deactivate and delete. This plugin has been closed as of March 7, 2022 and is not available for download. This closu...
WordPress plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress WP Home Page Menu plugin versions prior to 3.1 contain a cross-site scripting vulnerability that stems from the plugin's failure to...
WordPress Menu Image, Icons made easy plugin <= 3.0.7 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Menu Image, Icons made easy plugin versions <= 3.0.7. Solution: Update the WordPress Menu Image, Icons made easy plugin to the latest available version (at least 3.0.8)...
Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting
The plugin does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticated user, such as a subscriber, can update the settings or an arbitrary menu and put Cross-Site Scripting payloads in them which will be triggere...