
3941 matches found

RedhatCVE
added 2026/01/09 12:38 p.m., 2 views

CVE-2023-29848

Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function...

CVSS 4.8, AI score 5.9, EPSS 0.01926
Exploits: 4, References: 1

RedhatCVE
added 2026/01/09 12:36 p.m., 5 views

CVE-2023-49221

Precor touchscreen console P62, P80, and P82 could allow a remote attacker within the local network to bypass security restrictions, and access the service menu, because there is a hard-coded service code...

CVSS 7.8, AI score 7, EPSS 0.00196
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:25 p.m., 4 views

CVE-2018-12884

In Octopus Deploy 3.0 onwards before 2018.6.7, an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu...

CVSS 6.5, AI score 6.6, EPSS 0.0079
Exploits: 0, References: 1

NVD
added 2026/01/09 12:15 p.m., 6 views

CVE-2025-13862

The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category parameter in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4, EPSS 0.00232
Exploits: 0, References: 3

NVD
added 2026/01/09 12:15 p.m., 2 views

CVE-2025-13704

The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headclass' parameter of the 'autogenmenu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.0024
Exploits: 0, References: 5

CVE
added 2026/01/09 11:15 a.m., 15 views

CVE-2025-13862

CVE-2025-13862 affects the Menu Card WordPress plugin: Stored XSS via the category parameter in versions up to 0.8.0, exploitable by authenticated attackers with Contributor+ privileges. The Wordfence entry notes the vulnerability is currently unpatched in the affected versions; no remediation de...

CVSS 6.4, AI score 4.7, EPSS 0.00232
Exploits: 0, References: 3

Cvelist
added 2026/01/09 11:15 a.m., 27 views

CVE-2025-13862 Menu Card <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category parameter in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4, EPSS 0.00232
Exploits: 0, References: 3

Vulnrichment
added 2026/01/09 11:15 a.m., 3 views

CVE-2025-13862 Menu Card <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category parameter in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4, AI score 4.7, EPSS 0.00232
Exploits: 0, References: 3

CVE
added 2026/01/09 11:15 a.m., 16 views

CVE-2025-13704

CVE-2025-13704 affects the Autogen Headers Menu WordPress plugin. The issue is a stored cross-site scripting (XSS) in the shortcode parameter head_class used by the autogen_menu shortcode. The vulnerability arises from insufficient input sanitization and output escaping in all versions up to and ...

CVSS 6.4, AI score 4.8, EPSS 0.0024
Exploits: 0, References: 5

Vulnrichment
added 2026/01/09 11:15 a.m., 4 views

CVE-2025-13704 Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter

The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headclass' parameter of the 'autogenmenu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, AI score 4.8, EPSS 0.0024
Exploits: 0, References: 5

Cvelist
added 2026/01/09 11:15 a.m., 21 views

CVE-2025-13704 Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter

The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'headclass' parameter of the 'autogenmenu' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4, EPSS 0.0024
Exploits: 0, References: 5

RedhatCVE
added 2026/01/09 10:45 a.m., 5 views

CVE-2022-0625

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

CVSS 6.1, AI score 6.5, EPSS 0.00757
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 10:45 a.m., 6 views

CVE-2022-0313

The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack...

CVSS 4.3, AI score 6.7, EPSS 0.00464
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 10:45 a.m., 7 views

CVE-2022-0628

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

CVSS 6.1, AI score 6.5, EPSS 0.00853
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 9:49 a.m., 3 views

CVE-2020-24061

Cross-Site Scripting (XSS) vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0 allows attackers to execute arbitrary code and steal cookies via a crafted script...

CVSS 5.4, AI score 6.7, EPSS 0.00322
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 9:28 a.m., 4 views

CVE-2023-49855

Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3...

CVSS 8.8, AI score 8.5, EPSS 0.00321
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:46 a.m., 3 views

CVE-2025-23686

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpdevca Admin Menu Organizer admin-menu-organizer allows Reflected XSS. This issue affects Admin Menu Organizer: from n/a through = 1.0.1...

CVSS 7.1, AI score 7.2, EPSS 0.00361
Exploits: 0, References: 1

Positive Technologies
added 2026/01/09 12:0 a.m., 5 views

PT-2026-1719

Name of the Vulnerable Software and Affected Versions: Menu Card versions up to and including 0.8.0. Description: The Menu Card plugin for WordPress is susceptible to Stored Cross-Site Scripting through the category parameter. Insufficient input sanitization and output escaping allow authenticated...

CVSS 6.4, AI score 5.1, EPSS 0.00232
Exploits: 0, References: 7

Positive Technologies
added 2026/01/09 12:0 a.m., 4 views

PT-2026-1708

Name of the Vulnerable Software and Affected Versions: Autogen Headers Menu plugin for WordPress versions up to and including 1.0.1. Description: The Autogen Headers Menu plugin for WordPress is susceptible to Stored Cross-Site Scripting through the head class parameter of the autogen menu shortcode...

CVSS 6.4, AI score 5, EPSS 0.0024
Exploits: 0, References: 9

CNNVD
added 2026/01/09 12:0 a.m., 3 views

WordPress plugin Autogen Headers Menu cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 5