WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin jQuery Dropdown Menu versions = 3.0...

WordPress WP Category Dropdown plugin <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via align Parameter vulnerability discovered by Francesco Carlucci in WordPress Plugin WP Category Dropdown versions = 1.8...

WordPress Dropdown Multisite selector Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)

Software Dropdown Multisite selector Type Plugin Vulnerable versions = 0.9.2 Fixed in 0.9.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29910 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 070110679b87 Credits LVT-tholv2k Required...

CVE-2021-25113

The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues...