142 matches found
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
Improper access control
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
CVE-2022-4711 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...
PT-2023-15150 · WordPress · Royal Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is due to missing nonce validation in the wpr create mega menu template AJAX function, allowing unauthenticated attackers to create...
WordPress plugin Royal Elementor Addons 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-15173 · WordPress · Royal Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is related to insufficient access control in the 'wpr save mega menu settings' AJAX action. This allows any authenticated user,...
Royal Elementor Addons < 1.3.60 - Subscriber+ Mega Menu Settings Update
The plugin does not have authorisation and CSRF checks when updating the mega menu settings, which could allow any authenticated user, such as subscriber to perform such action...
VulnCheck KEV: CVE-2022-4711
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify...
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0628
CVE-2022-0628 affects the WordPress plugin Mega Menu prior to version 3.0.8. The vulnerability stems from not sanitizing/escaping the _wpnonce parameter before echoing it on an admin page, enabling Reflected Cross-Site Scripting. Impact is a user/admin-page XSS exposure as described across NVD/Re...
CVE-2022-0628 AP Mega Menu < 3.0.8 - Reflected Cross-Site Scripting
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...
WordPress plugin Mega Menu 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
WordPress AP Mega Menu plugin <= 3.0.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress AP Mega Menu plugin versions = 3.0.7. Solution Update the WordPress AP Mega Menu plugin to the latest available version at least 3.0.8...
DRUPAL-CONTRIB-2021-041
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view. The vulnerability is mitigated by the fact that it can on...
DRUPAL-CONTRIB-2021-038
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not sanitize values for CSS properties that are added by admins and rendered on the front-end, allowing attackers to inject malicious code into the front-en...