Lucene search
K

142 matches found

Patchstack
Patchstack
added 2025/03/04 10:54 p.m.6 views

WordPress Hero Mega Menu - Responsive WordPress Menu Plugin plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Directory Deletion vulnerability

WordPress Hero Mega Menu - Responsive WordPress Menu Plugin plugin = 1.16.5 - Missing Authorization to Authenticated Subscriber+ Arbitrary Directory Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Hero Mega Menu - Responsive WordPress Menu Plugin versions = 1.16.5...

6.5CVSS7AI score0.00321EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/06 4:20 a.m.8 views

CVE-2021-4443

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compilersave AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

9.8CVSS7.3AI score0.00655EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 6:7 a.m.5 views

CVE-2024-49303

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

8.5CVSS8.9AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:53 a.m.4 views

CVE-2024-49333

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

8.5CVSS8.9AI score0.00353EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:44 a.m.4 views

CVE-2024-49300

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

7.1CVSS8.6AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:11 a.m.3 views

CVE-2024-54282

Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu wp-megamenu allows Object Injection.This issue affects WP Mega Menu: from n/a through = 1.4.2...

7.2CVSS7.2AI score0.0081EPSS
Exploits0References1
NVD
NVD
added 2025/01/21 2:15 p.m.11 views

CVE-2024-49333

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

8.5CVSS0.00353EPSS
Exploits0References1
NVD
NVD
added 2025/01/21 2:15 p.m.17 views

CVE-2024-49300

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

7.1CVSS0.00271EPSS
Exploits0References1
NVD
NVD
added 2025/01/21 2:15 p.m.7 views

CVE-2024-49303

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

8.5CVSS0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/21 1:40 p.m.16 views

CVE-2024-49303 WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

8.5CVSS0.00353EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/21 1:40 p.m.19 views

CVE-2024-49333 WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5...

8.5CVSS0.00353EPSS
Exploits0References1
CVE
CVE
added 2025/01/21 1:40 p.m.48 views

CVE-2024-49333

CVE-2024-49333 is a SQL injection vulnerability in the WordPress plugin Hero Mega Menu - Responsive WordPress Menu Plugin. It affects versions

8.5CVSS8.9AI score0.00353EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.3 views

PT-2025-2825 · WordPress · Hero Mega Menu

Name of the Vulnerable Software and Affected Versions: Hero Mega Menu - Responsive WordPress Menu Plugin versions 1.16.5 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...

8.5CVSS9.8AI score0.00353EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.9 views

PT-2025-2826 · WordPress · Hero Mega Menu - Responsive Wordpress Menu Plugin

Name of the Vulnerable Software and Affected Versions: Hero Mega Menu - Responsive WordPress Menu Plugin versions n/a through 1.16.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...

8.5CVSS9.9AI score0.00353EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.4 views

WordPress plugin Hero Mega Menu SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

8.5CVSS8.8AI score0.00353EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.3 views

WordPress plugin Hero Mega Menu SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

8.5CVSS8.8AI score0.00353EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.3 views

WordPress plugin Hero Mega Menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7.7AI score0.00271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.4 views

PT-2025-2824 · WordPress · Hero Mega Menu - Responsive Wordpress Menu Plugin

Name of the Vulnerable Software and Affected Versions: Hero Mega Menu - Responsive WordPress Menu Plugin versions 1.16.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting XSS. This means an...

7.1CVSS9AI score0.00271EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/01/03 2:50 p.m.3 views

WordPress Hero Menu plugin <= 1.16.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Hero Mega Menu - Responsive WordPress Menu Plugin versions = 1.16.5...

8.5CVSS8.1AI score0.00353EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/12/13 3:15 p.m.7 views

CVE-2024-54282

Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu wp-megamenu allows Object Injection.This issue affects WP Mega Menu: from n/a through = 1.4.2...

7.2CVSS0.0081EPSS
Exploits0References1
Rows per page
Query Builder