394 matches found
EUVD-2026-16211
A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...
EUVD-2026-16171
The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...
CVE-2026-29934
A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...
CVE-2026-1032
The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...
CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update
The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...
CVE-2026-1032
The CVE-2026-1032 entry concerns the WordPress plugin Conditional Menus . Affected versions: all up to and including 1.2.6. Root cause: missing nonce validation in the save_options function, enabling CSRF. Impact: unauthenticated attackers could modify conditional menu assignments through a forge...
CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update
The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...
CVE-2026-29934
A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...
Jianhua Sun LightCMS 安全漏洞
Jianhua Sun LightCMS is an open-source application developed by Jianhua Sun. It provides a lightweight CMS system and can also be used as a general-purpose backend management framework. The Jianhua Sun LightCMS v2.0 version has a security vulnerability, which stems from a reflection-type XSS...
PT-2026-28391
Name of the Vulnerable Software and Affected Versions Lightcms version 2.0 Description A reflected cross-site scripting XSS issue exists in the /admin/menus component. This allows attackers to execute arbitrary Javascript within a user's browser by altering the referer value in the request header...
CVE-2026-29934
A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...
CVE-2026-29934
A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...
WordPress plugin Conditional Menus 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-28310
Name of the Vulnerable Software and Affected Versions Conditional Menus for WordPress versions prior to 1.2.7 Description The Conditional Menus plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF in all versions up to and including 1.2.6. The issue stems from the absence of non...
CVE-2026-29934
CVE-2026-29934 describes a reflected XSS in Lightcms v2.0, specifically the /admin/menus component. An attacker can inject arbitrary JavaScript by manipulating the Referer header in requests, causing the payload to execute in the user’s browser context. Public notes across multiple feeds corrobor...
CVE-2025-69387
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through = 4.2.1...
CVE-2025-69387
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through = 4.2.1...
CVE-2025-69387 WordPress Simple Retail Menus plugin <= 4.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through = 4.2.1...
CVE-2025-69387 WordPress Simple Retail Menus plugin <= 4.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through = 4.2.1...
CVE-2025-69387
CVE-2025-69387 concerns the WordPress plugin Simple Retail Menus (plugin slug: simple-retail-menus) with affected versions