3944 matches found
MAL-2025-9302 Malicious code in @sellerly-kit/dropdown-menu (npm)
The package @sellerly-kit/dropdown-menu was found to contain malicious code...
MAL-2025-28220 Malicious code in omni-law-menu-section (npm)
The package omni-law-menu-section was found to contain malicious code...
MAL-2025-26882 Malicious code in multicolumn-menu (npm)
The package multicolumn-menu was found to contain malicious code...
CVE-2025-8491
The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu function. This makes it possible for unauthenticated attackers to upload a men...
CVE-2025-8491 Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload
The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu function. This makes it possible for unauthenticated attackers to upload a men...
CVE-2025-8491
CVE-2025-8491 concerns the Easy restaurant menu manager plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the nsc_eprm_save_menu() function, allowing unauthenticated attackers to upload a menu file by tricking an administrator. Aff...
WordPress plugin Easy restaurant menu manager Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-32963 · WordPress · Easy Restaurant Menu Manager
Name of the Vulnerable Software and Affected Versions: Easy restaurant menu manager plugin for WordPress versions prior to 2.0.3. Description: The plugin is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the nsc_eprm_save_menu function. This allows...
WordPress Easy restaurant menu manager plugin <= 2.0.2 - Cross-Site Request Forgery to Menu Upload vulnerability
Cross-Site Request Forgery to Menu Upload vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Easy pdf restaurant menu upload versions <= 2.0.2...
CVE-2025-8528
A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack remotely. The...
CVE-2025-52358
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's brows...
A vulnerability in the menu_nat_more_asp() function of the D-Link DI-8100 router firmware, which allows an attacker to cause a service failure
The vulnerability in the menu_nat_more_asp function of the D-Link DI-8100 router firmware is a stack-based buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...
WordPress Restaurant Menu by MotoPress Cross-Site Request Forgery Vulnerability
WordPress Restaurant Menu by MotoPress is a menu plugin designed for the restaurant industry that supports free downloads and can be enhanced by adding paid extensions. WordPress Restaurant Menu by MotoPress has a cross-site request forgery vulnerability, the vulnerability stems from the WEB...
PHP Remote File Inclusion
Overview: dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to PHP Remote File Inclusion in the perms process of menu creation and editing, where user-supplied input is evaluated without sufficient filtering of...
Dolibarr has Remote Code Execution Vulnerability (Bypass)
Summary: The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu: This is the trigger point of the vulnerability. The submitted permission can be PHP code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php As...
GHSA-49XW-HW94-FMV2 Dolibarr has Remote Code Execution Vulnerability (Bypass)
Summary: The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu: This is the trigger point of the vulnerability. The submitted permission can be PHP code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php As...
PT-2025-31592 · Packagist · Dolibarr/Dolibarr
Summary: The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu: This is the trigger point of the vulnerability. The submitted permission can be PHP code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php As...
CVE-2025-54038
Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows Cross Site Request Forgery. This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.6...
CVE-2025-1729
A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges...