203 matches found

Cvelist
added 2026/02/11 8:26 a.m., 20 views

CVE-2026-1786 Twitter posts to Blog <= 1.11.25 - Missing Authorization to Unauthenticated Plugin Settings Update

The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dgtwoptions' function in all versions up to, and including, 1.11.25. This makes it possible for unauthenticated attackers to update plugin settings including...

CVSS 6.5, EPSS 0.00284
Exploits: 0, References: 2

RedhatCVE
added 2026/01/09 12:38 p.m., 2 views

CVE-2023-29848

Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function...

CVSS 4.8, AI score 5.9, EPSS 0.01926
Exploits: 4, References: 1

RedhatCVE
added 2026/01/09 10:45 a.m., 5 views

CVE-2022-0625

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

CVSS 6.1, AI score 6.5, EPSS 0.00757
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 8:46 a.m., 3 views

CVE-2025-23686

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpdevca Admin Menu Organizer admin-menu-organizer allows Reflected XSS. This issue affects Admin Menu Organizer: from n/a through <= 1.0.1...

CVSS 7.1, AI score 7.2, EPSS 0.00361
Exploits: 0, References: 1

NVD
added 2025/12/12 4:15 a.m., 3 views

CVE-2025-14170

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

CVSS 4.3, EPSS 0.0019
Exploits: 0, References: 3

Cvelist
added 2025/12/12 3:20 a.m., 25 views

CVE-2025-14170 Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification

The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 0.2. This is due to missing authorization checks on the vimeogalleryadmin function hooked to adminmenu. This makes it possible for authenticated attackers, with Subscriber-lev...

CVSS 4.3, EPSS 0.0019
Exploits: 0, References: 3

Patchstack
added 2025/12/10 7:00 a.m., 11 views

WordPress Custom Admin Menu plugin <= 1.0.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Yousof Nahya in WordPress Plugin Custom Admin Menu versions <= 1.0.0...

CVSS 7.1, AI score 6.2, EPSS 0.00186
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/12/10 6:26 a.m., 16 views

CVE-2025-13071

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1, AI score 6.1, EPSS 0.00186
Exploits: 0, References: 1

NVD
added 2025/12/09 4:17 p.m., 2 views

CVE-2025-13071

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1, EPSS 0.00186
Exploits: 0, References: 1

Cvelist
added 2025/12/09 6:00 a.m., 29 views

CVE-2025-13071 Custom Admin Menu <= 1.0.0 - Reflected XSS

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

EPSS 0.00186
Exploits: 0, References: 1

CVE
added 2025/12/09 6:00 a.m., 15 views

CVE-2025-13071

CVE-2025-13071 affects the WordPress plugin “Custom Admin Menu” up to version 1.0.0. The issue is a reflected Cross-Site Scripting (XSS) where a parameter is echoed back without proper sanitisation/escaping, enabling an attacker to inject scripts that could run in the context of an admin user’s s...

CVSS 7.1, AI score 5.7, EPSS 0.00186
Exploits: 0, References: 1

Vulnrichment
added 2025/12/09 6:00 a.m., 2 views

CVE-2025-13071 Custom Admin Menu <= 1.0.0 - Reflected XSS

The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score 5.7, EPSS 0.00186
Exploits: 0, References: 1

Positive Technologies
added 2025/12/09 12:00 a.m., 2 views

PT-2025-49803

Name of the Vulnerable Software and Affected Versions: Custom Admin Menu WordPress plugin versions through 1.0.0. Description: The plugin does not properly sanitise and escape a parameter before displaying it on a page, which can lead to a Reflected Cross-Site Scripting issue. This could potentially...

CVSS 7.1, AI score 5.7, EPSS 0.00186
Exploits: 0, References: 7

CNNVD
added 2025/12/09 12:00 a.m., 1 view

WordPress plugin Custom Admin Menu security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 7.1, AI score 5.8, EPSS 0.00186
Exploits: 0, References: 1

RedhatCVE
added 2025/10/28 9:01 p.m., 3 views

CVE-2025-12315

A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing a manipulation of the argument itemPrice can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and ma...

CVSS 9.8, AI score 5.1, EPSS 0.00341
Exploits: 1, References: 1

OSV
added 2025/10/27 8:15 p.m., 3 views

CVE-2025-12315

A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing a manipulation of the argument itemPrice can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and ma...

CVSS 9.8, AI score 5.8, EPSS 0.00341
Exploits: 1, References: 5

NVD
added 2025/10/27 8:15 p.m., 5 views

CVE-2025-12315

A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing a manipulation of the argument itemPrice can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and ma...

CVSS 9.8, EPSS 0.00341
Exploits: 1, References: 5

Cvelist
added 2025/10/27 8:02 p.m., 8 views

CVE-2025-12315 code-projects Food Ordering System menu.php SQL injection

A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing a manipulation of the argument itemPrice can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and ma...

CVSS 5.8, EPSS 0.00341
Exploits: 1, References: 5

EUVD
added 2025/10/27 8:02 p.m., 4 views

EUVD-2025-36351

A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing manipulation of the argument itemPrice can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may ...

CVSS 5.8, AI score 5, EPSS 0.00341
Exploits: 1, References: 7

CVE
added 2025/10/27 8:02 p.m., 9 views

CVE-2025-12315

CVE-2025-12315 affects code-projects Food Ordering System 1.0. The vulnerability resides in the code path involving /admin/menu.php and specifically the manipulation of the itemPrice parameter, which can lead to SQL injection. It is exploitable remotely over the network, with exploitation publicl...

CVSS 9.8, AI score 5.1, EPSS 0.00341
Exploits: 1, References: 5, Affected Software: 1