Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting
The plugin does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticated user, such as a subscriber, can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggere...
CVE-2021-24971
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform...
CVE-2021-24971
CVE-2021-24971 affects the WordPress WP Responsive Menu plugin prior to 3.1.7.1. Root cause: lacking capability and CSRF checks in the wpr_live_update AJAX action and insufficient sanitization/escaping of submitted data, allowing an authenticated user (e.g., subscriber) to modify plugin settings ...
CVE-2021-24971 WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the data submitted. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform...
WordPress WP Mobile Menu plugin <= 2.8.2.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Mobile Menu plugin versions <= 2.8.2.6. Solution: Update the WordPress WP Mobile Menu plugin to the latest available version, at least 2.8.2.7...
WordPress WP Mobile Menu plugin <= 2.8.2.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP Mobile Menu plugin versions <= 2.8.2.6. Solution: Update the WordPress WP Mobile Menu plugin to the latest available version, at least 2.8.2.7...
WordPress Advance Menu Manager plugin <= 3.0.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Advance Menu Manager plugin versions <= 3.0.1. Solution: Update the WordPress Advance Menu Manager plugin to the latest available version, at least 3.0.2...
WordPress AP Mega Menu plugin <= 3.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress AP Mega Menu plugin versions <= 3.0.7. Solution: Update the WordPress AP Mega Menu plugin to the latest available version, at least 3.0.8...
WordPress FullScreen Menu – Mobile Friendly and Responsive plugin <= 2.2.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress FullScreen Menu – Mobile Friendly and Responsive plugin versions <= 2.2.7. Solution: Update the WordPress FullScreen Menu – Mobile Friendly and Responsive plugin to the latest available version, at least...
WordPress Iks Menu – WordPress Category Accordion Menu plugin <= 1.9.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Iks Menu – WordPress Category Accordion Menu plugin versions <= 1.9.1. Solution: Update the WordPress Iks Menu – WordPress Category Accordion Menu plugin to the latest available version, at least 1.9.2...
WordPress Iks Menu – WordPress Category Accordion Menu plugin <= 1.9.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Iks Menu – WordPress Category Accordion Menu plugin versions <= 1.9.1. Solution: Update the WordPress Iks Menu – WordPress Category Accordion Menu plugin to the latest available version, at least 1.9.2...
WordPress Menu Image, Icons made easy plugin <= 3.0.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Menu Image, Icons made easy plugin versions <= 3.0.5. Solution: Update the WordPress Menu Image, Icons made easy plugin to the latest available version, at least 3.0.6...
WordPress Menu Item Scheduler plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Menu Item Scheduler plugin versions <= 1.0.0. Solution: No patched version available...
WordPress Menu Image, Icons made easy plugin <= 3.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Menu Image, Icons made easy plugin versions <= 3.0.5. Solution: Update the WordPress Menu Image, Icons made easy plugin to the latest available version, at least 3.0.6...
WordPress User Menus – Nav Menu Visibility plugin < 1.2.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress User Menus – Nav Menu Visibility plugin versions < 1.2.8. Solution: Update the WordPress User Menus – Nav Menu Visibility plugin to the latest available version, at least 1.2.8...
WordPress Smart Admin Menu Filter plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Smart Admin Menu Filter plugin versions <= 1.0.1. Solution: No patched version available...
BookingPress < 1.0.11 - Unauthenticated SQL Injection
The plugin fails to properly sanitize user-supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection - Create a new "category" and associate i...
WordPress User Menus – Nav Menu Visibility plugin < 1.2.8 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress User Menus – Nav Menu Visibility plugin versions < 1.2.8. Solution: Update the WordPress User Menus – Nav Menu Visibility plugin to the latest available version, at least 1.2.8...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of the WordPress WP Responsive Menu plugin prior to 3.1.7.1,...