2 matches found
CVE-2022-1152 Menubar < 5.8 - Reflected Cross-Site Scripting
The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting...
CVE-2022-1152
CVE-2022-1152 affects the WordPress Menubar plugin prior to 5.8. The root cause is failure to sanitize/escape the command parameter in the AJAX response, allowing Reflected Cross‑Site Scripting when authenticated users trigger the menubar action. Multiple connected sources corroborate: the vulner...