Lucene search
K

394 matches found

euvd
euvd
added 2026/03/26 3:30 p.m.3 views

EUVD-2026-16211

A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...

6.1CVSS5.8AI score0.00203EPSS
Exploits1References2
euvd
euvd
added 2026/03/26 3:30 p.m.4 views

EUVD-2026-16171

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

4.3CVSS5.7AI score0.00156EPSS
Exploits0References5
nvd
nvd
added 2026/03/26 3:16 p.m.4 views

CVE-2026-29934

A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...

6.1CVSS0.00203EPSS
Exploits1References1
nvd
nvd
added 2026/03/26 2:16 p.m.4 views

CVE-2026-1032

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

4.3CVSS0.00156EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/03/26 1:26 p.m.1 views

CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

4.3CVSS5.7AI score0.00156EPSS
Exploits0References4
cve
cve
added 2026/03/26 1:26 p.m.8 views

CVE-2026-1032

The CVE-2026-1032 entry concerns the WordPress plugin Conditional Menus . Affected versions: all up to and including 1.2.6. Root cause: missing nonce validation in the save_options function, enabling CSRF. Impact: unauthenticated attackers could modify conditional menu assignments through a forge...

4.3CVSS5.7AI score0.00156EPSS
Exploits0References4
cvelist
cvelist
added 2026/03/26 1:26 p.m.31 views

CVE-2026-1032 Conditional Menus <= 1.2.6 - Cross-Site Request Forgery to Menu Options Update

The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'saveoptions' function. This makes it possible for unauthenticated attackers to modify conditional menu assignments vi...

4.3CVSS0.00156EPSS
Exploits0References4
cvelist
cvelist
added 2026/03/26 12:0 a.m.24 views

CVE-2026-29934

A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...

0.00203EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/03/26 12:0 a.m.11 views

Jianhua Sun LightCMS 安全漏洞

Jianhua Sun LightCMS is an open-source application developed by Jianhua Sun. It provides a lightweight CMS system and can also be used as a general-purpose backend management framework. The Jianhua Sun LightCMS v2.0 version has a security vulnerability, which stems from a reflection-type XSS...

6.1CVSS6AI score0.00203EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/03/26 12:0 a.m.4 views

PT-2026-28391

Name of the Vulnerable Software and Affected Versions Lightcms version 2.0 Description A reflected cross-site scripting XSS issue exists in the /admin/menus component. This allows attackers to execute arbitrary Javascript within a user's browser by altering the referer value in the request header...

6.1CVSS6AI score0.00203EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/26 12:0 a.m.2 views

CVE-2026-29934

A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...

5.8AI score0.00203EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/03/26 12:0 a.m.3 views

CVE-2026-29934

A reflected cross-site scripting XSS vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referer value in the request header...

5.8AI score0.00203EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/03/26 12:0 a.m.9 views

WordPress plugin Conditional Menus 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00156EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/26 12:0 a.m.7 views

PT-2026-28310

Name of the Vulnerable Software and Affected Versions Conditional Menus for WordPress versions prior to 1.2.7 Description The Conditional Menus plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF in all versions up to and including 1.2.6. The issue stems from the absence of non...

4.3CVSS5.8AI score0.00156EPSS
Exploits0References7
cve
cve
added 2026/03/26 12:0 a.m.10 views

CVE-2026-29934

CVE-2026-29934 describes a reflected XSS in Lightcms v2.0, specifically the /admin/menus component. An attacker can inject arbitrary JavaScript by manipulating the Referer header in requests, causing the payload to execute in the user’s browser context. Public notes across multiple feeds corrobor...

6.1CVSS5.8AI score0.00203EPSS
Exploits1References1Affected Software1
redhatcve
redhatcve
added 2026/02/21 7:30 p.m.8 views

CVE-2025-69387

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through = 4.2.1...

7.5CVSS5.5AI score0.00339EPSS
Exploits0References1
nvd
nvd
added 2026/02/20 4:22 p.m.4 views

CVE-2025-69387

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through = 4.2.1...

7.5CVSS0.00339EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/20 3:46 p.m.22 views

CVE-2025-69387 WordPress Simple Retail Menus plugin <= 4.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through = 4.2.1...

7.5CVSS0.00339EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/02/20 3:46 p.m.4 views

CVE-2025-69387 WordPress Simple Retail Menus plugin <= 4.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through = 4.2.1...

7.5CVSS5.5AI score0.00339EPSS
Exploits0References1
cve
cve
added 2026/02/20 3:46 p.m.9 views

CVE-2025-69387

CVE-2025-69387 concerns the WordPress plugin Simple Retail Menus (plugin slug: simple-retail-menus) with affected versions

7.5CVSS5.6AI score0.00339EPSS
Exploits0References1
Rows per page
Query Builder