Lucene search
K

69 matches found

WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.18 views

SlickNav Mobile Menu < 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The SlickNav Mobile Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.9AI score0.00336EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/12/27 12:0 a.m.11 views

WordPress SlickNav Mobile Menu Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)

Software SlickNav Mobile Menu Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51548 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f9f71fa8ec0f Credits Mika Required privilege...

5.9CVSS6.6AI score0.00336EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.5 views

WordPress WP Mobile Menu Plugin < 2.8.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Mobile Menu Type Plugin Vulnerable versions 2.8.4 Fixed in 2.8.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b62d186dca99 Credits Rafie Muhammad Patchstack Required...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
wpexploit
wpexploit
added 2022/12/28 12:0 a.m.505 views

ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

5.4CVSS1AI score0.00471EPSS
Exploits2
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.14 views

WordPress WP Mobile Menu plugin <= 2.8.2.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Mobile Menu plugin versions = 2.8.2.6. Solution Update the WordPress WP Mobile Menu plugin to the latest available version at least 2.8.2.7...

3.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress WP Mobile Menu plugin <= 2.8.2.6 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WP Mobile Menu plugin versions = 2.8.2.6. Solution Update the WordPress WP Mobile Menu plugin to the latest available version at least 2.8.2.7...

2.3AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/08/09 12:0 a.m.10 views

WordPress WP Mobile Menu plugin <= 2.8.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by iohex and WPScanTeam in WordPress WP Mobile Menu plugin versions = 2.8.2.2. Solution Update the WordPress WP Mobile Menu plugin to the latest available version at least 2.8.2.3...

2AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2019/03/02 12:0 a.m.10 views

WordPress WP Mobile Menu plugin <=2.7.2 - Authenticated Option Update vulnerability (Fremius Library security issue)

Authenticated Option Update vulnerability Fremius Library security issue found in WordPress WP Mobile Menu plugin versions =2.7.2. Solution Update the WordPress WP Mobile Menu plugin to the latest available version at least 2.7.3...

3.3AI score
Exploits0References2Affected Software1
Drupal
Drupal
added 2018/12/05 12:0 a.m.12 views

Responsive Menus - Moderately critical - Cross site scripting - SA-CONTRIB-2018-079

This module enables you to collapse your sites main menu on mobile, and show a menu toggle button. The module doesn't sufficiently sanitize configuration settings provided by users which leads to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacke...

5.9AI score
Exploits0References5
Rows per page
Query Builder