203 matches found
WordPress plugin Admin Menu Editor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Admin Menu Editor plugin <= 1.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ran Crane in WordPress Admin Menu Editor plugin versions <= 1.0.4. Solution: Deactivate and delete. This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporary, pending a full review...
Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php?page=admin-menu-restriction&role="...
Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC: https://example.com/wp-admin/options-general.php?page=admin-menu-restriction="...
WordPress Smart Admin Menu Filter plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Smart Admin Menu Filter plugin versions <= 1.0.1. Solution: No patched version available...
BookingPress < 1.0.11 - Unauthenticated SQL Injection
The plugin fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpressfrontgetcategoryservices AJAX action available to unauthenticated users, leading to an unauthenticated SQL Injection - Create a new "category" and associate i...
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection. Create an "item" and a "location" via the newly added...
CommonsBooking < 2.6.8 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the location parameter of the calendardata AJAX action available to unauthenticated users before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection. PoC: Create an "item" and a "location" via the newly added...
WordPress Button Generator Plugin File Inclusion Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The WordPress Button Generator Plugin has a file inclusion vulnerability in versions prior to 2.3.3. The vulnerability stems from the fact that the plugin does not effectively filter calls to remote file...
Cross-Site Request Forgery (CSRF)
The Button Generator WordPress plugin before 2.3.3, within the wow-company admin menu page, allows including an arbitrary file with a PHP extension, as well as with the data:// or http:// protocols, thus leading to CSRF RCE...
CVE-2020-18065
Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu...
CVE-2020-9439
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allow authenticated remote attackers to inject arbitrary web script or HTML via the searchkey GET Parameter in TinCanContentListTable.php, message GET Parameter in licensing.php,...
WordPress Admin Menu plugin <= 1.1 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability found by zerodetail & ratherbland in WordPress Admin Menu plugin versions <= 1.1. Solution: Plugin closed. Deactivate and delete...
WP Admin Menu Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL. It is powerful, widely used internationally, and compatible with self-developed plug-ins. Cross-site scripting vulnerability...
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...
CVE-2020-24316
CVE-2020-24316 affects the WordPress plugin Rednumber Admin Menu (versions 1.1 and lower). The vulnerability is a reflected XSS where the GET parameter role is echoed back without sanitization, enabling an attacker to craft a URL to execute client-side scripts. Exploitation is via a specially cra...
PT-2020-15681 · Rednumber · Wp Plugin Rednumber Admin Menu
Name of the Vulnerable Software and Affected Versions: WP Plugin Rednumber Admin Menu versions 1.1 and lower Description: The issue is related to a reflected XSS vulnerability. It occurs because the role GET parameter value is not sanitized before being echoed back to the user. This allows...