Lucene search
+L

142 matches found

osv
osv
added 2023/01/10 5:15 p.m.4 views

CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

4.3CVSS5.8AI score0.00688EPSS
Exploits2References3
attackerkb
attackerkb
added 2023/01/10 5:15 p.m.4 views

CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

4.3CVSS6.5AI score0.00688EPSS
Exploits2References4
nvd
nvd
added 2023/01/10 5:15 p.m.27 views

CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

4.3CVSS4.4AI score0.00688EPSS
Exploits2References4
prion
prion
added 2023/01/10 5:15 p.m.23 views

Improper access control

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

4CVSS4.5AI score0.00688EPSS
Exploits2References3Affected Software1
vulnrichment
vulnrichment
added 2023/01/10 4:55 p.m.11 views

CVE-2022-4711 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

4.3CVSS6.5AI score0.00688EPSS
Exploits2References3
ptsecurity
ptsecurity
added 2023/01/10 12:0 a.m.8 views

PT-2023-15150 · WordPress · Royal Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is due to missing nonce validation in the wpr create mega menu template AJAX function, allowing unauthenticated attackers to create...

6.5CVSS6.9AI score0.00348EPSS
Exploits1References7
cnnvd
cnnvd
added 2023/01/10 12:0 a.m.8 views

WordPress plugin Royal Elementor Addons 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5CVSS6.9AI score0.00348EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2023/01/10 12:0 a.m.9 views

PT-2023-15173 · WordPress · Royal Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is related to insufficient access control in the 'wpr save mega menu settings' AJAX action. This allows any authenticated user,...

4.3CVSS5.2AI score0.00688EPSS
Exploits2References7
wpvulndb
wpvulndb
added 2023/01/10 12:0 a.m.25 views

Royal Elementor Addons < 1.3.60 - Subscriber+ Mega Menu Settings Update

The plugin does not have authorisation and CSRF checks when updating the mega menu settings, which could allow any authenticated user, such as subscriber to perform such action...

4.3CVSS3AI score0.00688EPSS
Exploits2References1Affected Software1
vulncheck_kev
vulncheck_kev
added 2023/01/10 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify...

4.3CVSS6.5AI score0.00688EPSS
Exploits2References1
nvd
nvd
added 2022/03/21 7:15 p.m.22 views

CVE-2022-0628

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.00853EPSS
Exploits2References2
attackerkb
attackerkb
added 2022/03/21 7:15 p.m.5 views

CVE-2022-0628

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00853EPSS
Exploits2References3
osv
osv
added 2022/03/21 7:15 p.m.4 views

CVE-2022-0628

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00853EPSS
Exploits2References2
prion
prion
added 2022/03/21 7:15 p.m.19 views

Cross site scripting

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.2AI score0.00853EPSS
Exploits2References2Affected Software1
cve
cve
added 2022/03/21 6:55 p.m.86 views

CVE-2022-0628

CVE-2022-0628 affects the WordPress plugin Mega Menu prior to version 3.0.8. The vulnerability stems from not sanitizing/escaping the _wpnonce parameter before echoing it on an admin page, enabling Reflected Cross-Site Scripting. Impact is a user/admin-page XSS exposure as described across NVD/Re...

6.1CVSS6.2AI score0.00853EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2022/03/21 6:55 p.m.26 views

CVE-2022-0628 AP Mega Menu < 3.0.8 - Reflected Cross-Site Scripting

The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.4AI score0.00853EPSS
Exploits2References2
cnnvd
cnnvd
added 2022/03/21 12:0 a.m.6 views

WordPress plugin Mega Menu 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...

6.1CVSS5.9AI score0.00853EPSS
Exploits2References3
patchstack
patchstack
added 2022/02/28 12:0 a.m.28 views

WordPress AP Mega Menu plugin <= 3.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress AP Mega Menu plugin versions = 3.0.7. Solution Update the WordPress AP Mega Menu plugin to the latest available version at least 3.0.8...

6.1CVSS2.6AI score0.00853EPSS
Exploits2References3Affected Software1
osv
osv
added 2021/09/22 5:26 p.m.3 views

DRUPAL-CONTRIB-2021-041

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view. The vulnerability is mitigated by the fact that it can on...

6.8AI score
Exploits0References1
osv
osv
added 2021/09/22 5:25 p.m.4 views

DRUPAL-CONTRIB-2021-038

This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not sanitize values for CSS properties that are added by admins and rendered on the front-end, allowing attackers to inject malicious code into the front-en...

6.8AI score
Exploits0References1
Rows per page
Query Builder