3 matches found
CVE-2021-24722
The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24722
The WordPress Restaurant Menu by MotoPress plugin (versions before 2.4.2) is vulnerable to a stored XSS due to inadequate sanitization/escaping when creating new menu items. This can allow an authenticated user to inject scripts that may execute in admin and public pages. Remediation: update the ...
CVE-2021-24722 Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting
The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...