41 matches found
CVE-2022-0313
The Float menu WordPress plugin before 4.3.1 does not have a CSRF check in place when deleting menus, which could allow attackers to make a logged-in admin delete them via a CSRF attack...
CVE-2024-2405
The Float menu WordPress plugin before 6.0.1 does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete arbitrary menus via a CSRF attack...
EUVD-2022-15484
Malicious code in bioql PyPI...
EUVD-2025-8301
Malicious code in bioql PyPI...
CVE-2023-3225
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
CVE-2025-30912
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu float-menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through <= 6.1.2...
WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery (CSRF) to Settings Change vulnerability discovered by Khang Duong in WordPress Plugin Float menu versions <= 6.1.2...
CVE-2025-30912
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu float-menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through <= 6.1.2...
CVE-2025-30912
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu float-menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through <= 6.1.2...
CVE-2025-30912 WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu float-menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through <= 6.1.2...
CVE-2025-30912 WordPress Float menu plugin <= 6.1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Float menu float-menu allows Cross Site Request Forgery. This issue affects Float menu: from n/a through <= 6.1.2...
CVE-2025-30912
CVE-2025-30912 is a CSRF vulnerability in the Float menu WordPress plugin. Affected: Float menu versions up to 6.1.2 (initial doc lists the range). The issue permits Cross-Site Request Forgery to change settings; impact per CVSS includes no confidentiality loss, partial integrity, and partial ava...
WordPress plugin Float menu cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress Float menu plugin < 6.0.1 - Menu Deletion via CSRF vulnerability
Menu Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Float menu versions < 6.0.1...
CVE-2024-2405
The Float menu WordPress plugin before 6.0.1 does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete arbitrary menus via a CSRF attack...
CVE-2024-2405 Float menu < 6.0.1 - Menu Deletion via CSRF
The Float menu WordPress plugin before 6.0.1 does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete arbitrary menus via a CSRF attack...
CVE-2024-2405 Float menu < 6.0.1 - Menu Deletion via CSRF
The Float menu WordPress plugin before 6.0.1 does not have a CSRF check in its bulk actions, which could allow attackers to make a logged-in admin delete arbitrary menus via a CSRF attack...
WordPress plugin Float menu security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Float menu Plugin < 6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Float menu; Type: Plugin; Vulnerable versions: < 6.0.1; Fixed in: 6.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2405; Patch priority: Low; CVSS severity: Low (5.4); PSID: 80605a5ac1fe; Credits: Erwan LR WPScan; Required...
PT-2024-20254 · WordPress · Float Menu
Name of the Vulnerable Software and Affected Versions: The Float menu WordPress plugin versions prior to 6.0.1 Description: The issue is related to the lack of a CSRF check in the bulk actions of the plugin, which could allow attackers to make logged-in admins delete arbitrary menus via a CSRF...