204 matches found
PT-2024-34761 · Duogeek · Duogeek Custom Admin Menu
Name of the Vulnerable Software and Affected Versions: DuoGeek Custom Admin Menu versions n/a through 1.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in DuoGeek Custom Admin...
WordPress plugin Custom Admin Menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Custom Admin Menu plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Custom Admin Menu versions = 1.0.0...
WordPress Custom Admin Menu Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Custom Admin Menu Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51618 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bbf3ecaf90b5 Credits SOPROBRO Required privilege Contributo...
CVE-2023-26690
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...
CVE-2024-7277
A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be...
itsourcecode Alton Management System 代码问题漏洞
itsourcecode Alton Management System is an online restaurant management system from itsourcecode. A code issue vulnerability exists in version 1.0 of itsourcecode Alton Management System, which stems from an unrestricted file upload vulnerability in the image function of the /admin/menu.php of th...
Super Page Cache for Cloudflare < 4.7.6 - Cross-Site Request Forgery
Description The Super Page Cache for Cloudflare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7.5. This is due to missing or incorrect nonce validation on the adminmenupageindex function. This makes it possible for unauthenticated attackers t...
SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Click SendPress in the Admin menu...
PT-2024-19930 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3 Description: A problematic issue was found in the software, affecting an unknown function of the file /admin/menu/toEdit. The manipulation of the id argument leads to cross-site request forgery. It is possible to...
CVE-2024-24876
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
CVE-2024-24876
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
CVE-2024-24876 WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
CVE-2024-24876 WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...
CVE-2024-24876
CVE-2024-24876 is a CSRF vulnerability in the WordPress plugin Admin Menu Editor affecting versions
WordPress Plugin Admin Menu Editor Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2024-20632 · Unknown · Admin Menu Editor
Name of the Vulnerable Software and Affected Versions: Admin Menu Editor versions 1.12 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Admin Menu Editor. This allows an attacker to perform unintended actions on the victim's behalf. Recommendations: For versions 1.12 a...
WordPress Admin Menu Editor Plugin <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software Admin Menu Editor Type Plugin Vulnerable versions = 1.12 Fixed in 1.12.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-24876 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 49e5e1a0e68c Credits Dhabaleshwar Das...
CVE-2023-43713
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser...