69 matches found
SlickNav Mobile Menu < 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The SlickNav Mobile Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress SlickNav Mobile Menu Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS)
Software SlickNav Mobile Menu Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51548 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f9f71fa8ec0f Credits Mika Required privilege...
WordPress WP Mobile Menu Plugin < 2.8.4 is vulnerable to Cross Site Scripting (XSS)
Software WP Mobile Menu Type Plugin Vulnerable versions 2.8.4 Fixed in 2.8.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b62d186dca99 Credits Rafie Muhammad Patchstack Required...
ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
WordPress WP Mobile Menu plugin <= 2.8.2.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Mobile Menu plugin versions = 2.8.2.6. Solution Update the WordPress WP Mobile Menu plugin to the latest available version at least 2.8.2.7...
WordPress WP Mobile Menu plugin <= 2.8.2.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP Mobile Menu plugin versions = 2.8.2.6. Solution Update the WordPress WP Mobile Menu plugin to the latest available version at least 2.8.2.7...
WordPress WP Mobile Menu plugin <= 2.8.2.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by iohex and WPScanTeam in WordPress WP Mobile Menu plugin versions = 2.8.2.2. Solution Update the WordPress WP Mobile Menu plugin to the latest available version at least 2.8.2.3...
WordPress WP Mobile Menu plugin <=2.7.2 - Authenticated Option Update vulnerability (Fremius Library security issue)
Authenticated Option Update vulnerability Fremius Library security issue found in WordPress WP Mobile Menu plugin versions =2.7.2. Solution Update the WordPress WP Mobile Menu plugin to the latest available version at least 2.7.3...
Responsive Menus - Moderately critical - Cross site scripting - SA-CONTRIB-2018-079
This module enables you to collapse your sites main menu on mobile, and show a menu toggle button. The module doesn't sufficiently sanitize configuration settings provided by users which leads to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacke...