3943 matches found
CVE-2025-8623
The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's weedmaps_menu shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8623
CVE-2025-8623 : The WeedMaps Menu for WordPress plugin is vulnerable to Stored Cross-Site Scripting via the plugin’s weedmaps_menu shortcode in versions
CVE-2025-8623 WeedMaps Menu for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode
The WeedMaps Menu for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's weedmaps_menu shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress WeedMaps Menu for WordPress plugin <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WeedMaps Menu versions <= 1.2.0...
WordPress plugin WeedMaps Menu cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin ... A cross-site...
PT-2025-39943
Name of the Vulnerable Software and Affected Versions: WeedMaps Menu for WordPress plugin versions prior to 1.2.1. Description: The software contains a flaw due to inadequate input sanitization and output escaping on user-supplied attributes within the weedmaps_menu shortcode. This allows...
CVE-2025-9893
The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vm_set_to_default function. This makes it possible for unauthenticated attackers to reset all menu...
CVE-2025-11019
A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-60113
Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery. This issue affects Groovy Menu: from n/a through <= 1.4.3...
CVE-2025-9893 VM Menu Reorder plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update
The VM Menu Reorder plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the vm_set_to_default function. This makes it possible for unauthenticated attackers to reset all menu...
CVE-2025-9893
The vulnerability CVE-2025-9893 affects the VM Menu Reorder plugin for WordPress (Product: VM Menu Reorder plugin). The issue is Cross-Site Request Forgery (CSRF) in versions up to and including 1.0.0, caused by missing or incorrect nonce validation on the vm_set_to_default function. This weaknes...
WordPress VM Menu Reorder plugin plugin <= 1.0.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin VM Menu Reorder versions <= 1.0.0...
WordPress plugin VM Menu Reorder cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...
PT-2025-39713
Name of the Vulnerable Software and Affected Versions: VM Menu Reorder plugin for WordPress versions prior to 1.0.1. Description: The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is because of a lack of, or incorrect, nonce validation in the vm_set_to_default function. An...
CVE-2025-11019
Total.js CMS (up to 19.9.0) has a cross-site scripting vulnerability in the Files Menu component caused by manipulation of an unknown function. The issue can be exploited remotely and an exploit has been disclosed publicly. The connected documents consistently reference Total.js CMS and the Files...