CVE-2026-8688 Advance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX Action

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-8688

The CVE pertains to the WordPress plugin Advance Nav Menu Manager (

CVE-2026-5243

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

CVE-2026-5243

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

CVE-2026-5243 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Navigation Menu Lite Widget

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

CVE-2026-5243 The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Navigation Menu Lite Widget

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

EUVD-2026-30231

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

CVE-2026-5243

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menuhoverclick parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

CVE-2026-5243

CVE-2026-5243 affects The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress. The vulnerability is a stored XSS in the Navigation Menu Lite widget’s menu_hover_click parameter present in all versions up to 6.4.11, caused by insuf...

PT-2026-40869

The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting via the menu hover click parameter of the Navigation Menu Lite widget in all versions up to, and including, 6.4.11 due to...

CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Pages Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Page Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Pages to navigation menus throu...

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the improper handling of user input when adding articles to the navigation menu via the menu management feature...

WordPress Master Addons plugin <= 2.0.6.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability

Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget vulnerability discovered by Webbernaut in WordPress Plugin Master Addons for Elementor versions = 2.0.6.1...

EUVD-2024-29947

Malicious code in bioql PyPI...

GHSA-79XX-VF93-P7CX Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet

Summary The researcher discovered zero-day vulnerability Cross-Site Scripting XSS vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response. Details When generating the HTML from an xlsx file containing multiple sheets, a navigation menu i...

CVE-2024-5542

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient inpu...

CVE-2024-5542

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient inpu...

CVE-2024-32126 WordPress Navigation menu as dropdown Widget plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeroen Peters Navigation menu as Dropdown Widget allows Stored XSS.This issue affects Navigation menu as Dropdown Widget: from n/a through 1.3.4...

PT-2024-24420 · Unknown · Navigation Menu As Dropdown Widget

Name of the Vulnerable Software and Affected Versions: Navigation menu as Dropdown Widget versions 1.3.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can...

WordPress Navigation menu as dropdown Widget plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Navigation menu as Dropdown Widget versions = 1.3.4...