3946 matches found
The Better Mega Menu - Moderately critical - Access bypass - SA-CONTRIB-2021-041
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view. The vulnerability is mitigated by the fact that it can on...
The Better Mega Menu - Moderately critical - Cross Site Scripting, Information Disclosure, Multiple vulnerabilities - SA-CONTRIB-2021-038
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not sanitize values for CSS properties that are added by admins and rendered on the front-end, allowing attackers to inject malicious code into the front-en...
The Better Mega Menu - Critical - Cross Site Request Forgery - SA-CONTRIB-2021-040
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not use CSRF tokens to protect routes for saving menu configurations. This vulnerability can be exploited by an anonymous user...
WordPress WP Mega Menu plugin <= 1.4.0 - Arbitrary Post Access vulnerability
Arbitrary Post Access vulnerability discovered by WPScanTeam in WordPress WP Mega Menu plugin versions <= 1.4.0. Solution: Update the WordPress WP Mega Menu plugin to the latest available version (at least 1.4.1)...
WP Mega Menu < 1.4.1 - Subscriber+ Arbitrary Post Access
The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked as AJAX actions and available to any authenticated users. As a result, low privilege authenticated users such as subscribers can call them and access...
WP Mega Menu < 1.4.0 - Unauthenticated Arbitrary Post Access
The plugin does not properly check for capability and CSRF due to a logic flaw, in its exporttheme and exportwpmegamenunavmenu methods, hooked to admin_init. As a result, unauthenticated users can call them and access arbitrary post data, including password protected or private ones. PoC Access an...
WordPress WP Mega Menu plugin <= 1.3.9 - Arbitrary Post Access vulnerability
Arbitrary Post Access vulnerability discovered by WPScanTeam in WordPress WP Mega Menu plugin versions <= 1.3.9. Solution: Update the WordPress WP Mega Menu plugin to the latest available version (at least 1.4.0)...
WordPress Catch Sticky Menu plugin <= 1.6.3 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Sticky Menu plugin versions <= 1.6.3. Solution: Update the WordPress Catch Sticky Menu plugin to the latest available version (at least 1.7)...
CVE-2021-38321
The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the /custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3...
Cross site scripting
The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the /custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3...
CVE-2021-38321 Custom Menu Plugin <= 1.3.3 Reflected Cross-Site Scripting
The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the /custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3...
CVE-2021-38321
The CVE-2021-38321 entry describes a Reflected Cross-Site Scripting vulnerability in the WordPress plugin “Custom Menu Plugin” (versions up to and including 1.3.3). The affected component is the plugin’s file ~/custom-menus.php, with the selected_menu parameter enabling injection of arbitrary scr...
WordPress plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Custom Menu Plugin 1.3.3 and earlier versions, which originates...
GHSA-592V-7FRM-H44Q Cross-site scripting in LavaLite-CMS
Cross Site Scripting XSS vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature...
Cross-site scripting in LavaLite-CMS
Cross Site Scripting XSS vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature...
WordPress Custom Menu Plugin plugin <= 1.3.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Custom Menu Plugin plugin versions <= 1.3.3. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
CVE-2021-39278
Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3...