33 matches found
EUVD-2023-28048
Malicious code in bioql PyPI...
EUVD-2025-3906
Malicious code in bioql PyPI...
EUVD-2023-44294
Malicious code in bioql PyPI...
CVE-2025-24714
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu bubble-menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through <= 4.0.2...
CVE-2023-23984
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion...
CVE-2023-3650
The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...
CVE-2025-24714
CVE-2025-24714 — Cross-Site Request Forgery in the WordPress plugin “Bubble Menu – circle floating menu” (affecting versions up to 4.0.2). Technical detail from sources shows the issue is a CSRF vulnerability capable of unauthorized actions on behalf of an authenticated user. Patch/mitigation: up...
CVE-2025-24714 WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu bubble-menu allows Cross Site Request Forgery. This issue affects Bubble Menu – circle floating menu: from n/a through <= 4.0.2...
WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Khang Duong in WordPress Plugin Bubble Menu – circle floating menu versions <= 4.0.2...
WordPress plugin Bubble Menu – circle floating menu cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Bubble Menu - circle floating menu A...
PT-2025-5528 · Unknown · Bubble Menu
Name of the Vulnerable Software and Affected Versions: Bubble Menu – circle floating menu versions through 4.0.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions through 4.0.2, update to a version lat...
Malicious code in extension-bubble-menu (npm)
--- -= Per source details. Do not edit below this line.=-...
WordPress Bubble Menu – circle floating menu Plugin < 3.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Bubble Menu – circle floating menu | Type: Plugin | Vulnerable versions: < 3.0.5 | Fixed in: 3.0.5 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-3650 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: 29b436660257 | Credits: Dipak...
CVE-2023-3650 Bubble Menu < 3.0.5 - Admin+ Stored XSS
The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...
CVE-2023-3650
CVE-2023-3650 affects the WordPress Bubble Menu plugin (versions before 3.0.5). The issue is that the plugin does not sanitize and escape certain settings, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (notably in multisite set...
WordPress plugin Bubble Menu cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2023-25595 · WordPress · Bubble Menu Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Bubble Menu WordPress plugin version 3.0.4 and earlier. Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in...
Bubble Menu < 3.0.5 - Admin+ Stored XSS
Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 1. Click on the "Add new" tab. 2...