
3941 matches found

Cvelist
added 2025/12/18 7:21 a.m., 21 views

CVE-2025-49914 WordPress Restaurant Menu by MotoPress plugin <= 2.4.7 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Retrieve Embedded Sensitive Data. This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.7...

CVSS 6.5, EPSS 0.00282
Exploits: 0, References: 1

CVE
added 2025/12/18 7:21 a.m., 6 views

CVE-2025-49914

CVE-2025-49914 affects the WordPress plugin Restaurant Menu by MotoPress, specifically versions through 2.4.7 of the mp-restaurant-menu plugin. The issue is an information disclosure vulnerability: an attacker can retrieve embedded sensitive data, exposing sensitive system information to an unaut...

CVSS 6.5, AI score 6.5, EPSS 0.00282
Exploits: 0, References: 1

Positive Technologies
added 2025/12/18 12:0 a.m., 3 views

PT-2025-52017

Name of the Vulnerable Software and Affected Versions: Restaurant Menu by MotoPress versions through 2.4.7. Description: A flaw exists in Restaurant Menu by MotoPress that allows the retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control...

CVSS 6.5, AI score 6.3, EPSS 0.00282
Exploits: 0, References: 3

CNNVD
added 2025/12/18 12:0 a.m., 1 view

WordPress plugin Restaurant Menu by MotoPress security vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin Restaurant Menu by...

CVSS 6.5, AI score 5.8, EPSS 0.00282
Exploits: 0, References: 1

Tenable Nessus
added 2025/12/18 12:0 a.m., 2 views

Mozilla Thunderbird < 16.0

The version of Thunderbird installed on the remote Windows host is prior to 16.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-75 advisory. - Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from ...

CVSS 6.8, AI score 8.4, EPSS 0.02246
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/18 12:0 a.m., 3 views

Mozilla Firefox < 16.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 16.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-75 advisory. - Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away...

CVSS 6.8, AI score 8.3, EPSS 0.02246
Exploits: 0, References: 3

RedhatCVE
added 2025/12/15 4:38 p.m., 11 views

CVE-2025-67342

RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...

CVSS 4.6, AI score 6.1, EPSS 0.00149
Exploits: 1, References: 1

EUVD
added 2025/12/12 6:30 p.m., 3 views

EUVD-2025-203096

RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...

CVSS 4.6, AI score 5.6, EPSS 0.00149
Exploits: 1, References: 2

OSV
added 2025/12/12 5:15 p.m., 2 views

CVE-2025-67342

RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...

CVSS 4.6, AI score 6
Exploits: 0, References: 1

NVD
added 2025/12/12 5:15 p.m., 5 views

CVE-2025-67342

RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...

CVSS 4.6, EPSS 0.00149
Exploits: 1, References: 1

NVD
added 2025/12/12 4:15 a.m., 3 views

CVE-2025-14170

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

CVSS 4.3, EPSS 0.0019
Exploits: 0, References: 3

Cvelist
added 2025/12/12 3:20 a.m., 25 views

CVE-2025-14170 Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

CVSS 4.3, EPSS 0.0019
Exploits: 0, References: 3

CNNVD
added 2025/12/12 12:0 a.m., 2 views

Ruoyi security vulnerability

Ruoyi is a backend management system by Ruoyi's individual developers. A security vulnerability exists in Ruoyi 4.8.1 and earlier versions, which stems from a bypassable stored cross-site scripting vulnerability in the /system/menu/edit endpoint that could affect all users...

CVSS 4.6, AI score 5.8, EPSS 0.00149
Exploits: 1, References: 2

Cvelist
added 2025/12/12 12:0 a.m., 26 views

CVE-2025-67342

RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...

EPSS 0.00149
Exploits: 1, References: 1

Positive Technologies
added 2025/12/12 12:0 a.m., 3 views

PT-2025-50954

Name of the Vulnerable Software and Affected Versions: RuoYi versions 4.8.1 and earlier. Description: The software contains a stored cross-site scripting (XSS) issue in the /system/menu/edit API endpoint. The existing XSS filter can be bypassed, allowing for exploitation. Because the menu is shared...

CVSS 4.6, AI score 5.2, EPSS 0.00149
Exploits: 1, References: 6

Vulnrichment
added 2025/12/12 12:0 a.m., 2 views

CVE-2025-67342

RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...

AI score 5.7, EPSS 0.00149
Exploits: 1, References: 1

CVE
added 2025/12/12 12:0 a.m., 16 views

CVE-2025-67342

CVE-2025-67342 affects Ruoyi (RuoYi) 4.8.1 and earlier, with a stored XSS in the /system/menu/edit endpoint where the XSS filter can be bypassed. Because the menu is shared across all users, any user with menu modification permissions can impact all users. Affected component: /system/menu/edit; r...

CVSS 4.6, AI score 5.7, EPSS 0.00149
Exploits: 1, References: 1, Affected Software: 1

Patchstack
added 2025/12/10 7:0 a.m., 11 views

WordPress Custom Admin Menu plugin <= 1.0.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Yousof Nahya in WordPress Plugin Custom Admin Menu versions <= 1.0.0...

CVSS 7.1, AI score 6.2, EPSS 0.00186
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/12/10 6:26 a.m., 16 views

CVE-2025-13071

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1, AI score 6.1, EPSS 0.00186
Exploits: 0, References: 1

NVD
added 2025/12/09 4:18 p.m., 2 views

CVE-2025-63069

Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ivory Search: from n/a through <= 5.5.12...

CVSS 5.3, EPSS 0.00289
Exploits: 0, References: 1