CVE-2025-9495 Viessmann Vitogate 300 Authentication Bypass

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...

CVE-2025-9495 Viessmann Vitogate 300 Authentication Bypass

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...

CVE-2025-9495

CVE-2025-9495 - Vitogate 300 Authentication Bypass : The Vitogate 300 web interface relies on frontend-based authentication controls and does not enforce proper server-side authentication. An attacker can modify HTML elements via browser developer tools to bypass login restrictions and reveal the...

PT-2025-39104

Name of the Vulnerable Software and Affected Versions Vitogate 300 affected versions not specified Description The web interface does not properly enforce server-side authentication, relying instead on frontend-based authentication controls. This allows an attacker to bypass login restrictions by...

WordPress Admin Menu Editor plugin cross-site scripting vulnerability

WordPress Admin Menu Editor plugin is a plugin for customizing and managing backend menus, supporting reordering, hiding/showing menu items, modifying permissions and more. WordPress Admin Menu Editor plugin suffers from a cross-site scripting vulnerability that stems from insufficient input...

CVE-2025-9493

The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

CVE-2025-9493

The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

CVE-2025-9493

CVE-2025-9493 describes a Stored Cross-Site Scripting vulnerability in the WordPress plugin Admin Menu Editor. The root cause is insufficient input sanitization and output escaping for the placeholder parameter, enabling an authenticated attacker with Author-level access or higher to inject scrip...

CVE-2025-9493 Admin Menu Editor <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter

The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

CVE-2025-9493 Admin Menu Editor <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter

The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level acce...

WordPress Admin Menu Editor plugin <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via placeholder Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Menu Editor versions = 1.14...

WordPress plugin Admin Menu Editor 跨站脚本漏洞

WordPress Admin Menu Editor plugin is a plugin for customizing and managing backend menus, supporting reordering, hiding/showing menu items, modifying permissions and more. WordPress Admin Menu Editor plugin suffers from a cross-site scripting vulnerability that stems from insufficient input...

CVE-2025-49035

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chaimchaikin Admin Menu Groups admin-menu-groups allows Stored XSS.This issue affects Admin Menu Groups: from n/a through = 0.1.2...

CVE-2025-49035 WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS.This issue affects Admin Menu Groups: from n/a through 0.1.2...

CVE-2025-49035

CVE-2025-49035 corresponds to a Stored XSS weakness in the WordPress plugin Admin Menu Groups. Affected: Admin Menu Groups versions up to 0.1.2. Root cause: improper neutralization of user input during web page generation. Impact per the sources is stored XSS that could affect authenticated users...

CVE-2025-49035 WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chaimchaikin Admin Menu Groups admin-menu-groups allows Stored XSS.This issue affects Admin Menu Groups: from n/a through = 0.1.2...

WordPress plugin Admin Menu Groups 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-34824 · Unknown · Chaimchaikin Admin Menu Groups

Name of the Vulnerable Software and Affected Versions: chaimchaikin Admin Menu Groups versions through 0.1.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-Site Scripting XSS. Recommendations: Update...

WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin Admin Menu Groups versions = 0.1.2...

CVE-2024-24876

Cross-Site Request Forgery CSRF vulnerability in Janis Elsts Admin Menu Editor.This issue affects Admin Menu Editor: from n/a through 1.12...