PT-2024-36163 · Themeum · Wp Mega Menu

Name of the Vulnerable Software and Affected Versions: WP Mega Menu versions 1.4.2 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in Themeum WP Mega Menu. Recommendations: For WP Mega Menu versions 1.4.2 and earlier, update to a...

WordPress WP Mega Menu plugin <= 1.4.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WP Mega Menu versions = 1.4.2...

CVE-2024-10365 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tpcarouselanything.php,...

CVE-2024-10365

Summary: CVE-2024-10365 affects The Plus Addons for Elementor (WordPress plugin) up to version 6.0.3 and causes Sensitive Information Exposure via the render function used by multiple widgets (e.g., tp_carousel_anything.php, tp_page_scroll.php). Impact: authenticated attackers with Contributor-le...

Malicious code in mega-sparks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c8a06caf135ca489f44971a80962aeffd09ee3fe5c5f64c470012d39272d263 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

MAL-2024-10586 Malicious code in mega-sparks (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8c8a06caf135ca489f44971a80962aeffd09ee3fe5c5f64c470012d39272d263 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

CVE-2024-49693

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.2.6...

CVE-2024-49693

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.This issue affects Mega Elements: from n/a through = 1.2.6...

CVE-2024-49693 WordPress Mega Elements – Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.This issue affects Mega Elements: from n/a through = 1.2.6...

CVE-2024-49693

CVE-2024-49693 describes a stored XSS in Kraftplugins Mega Elements for Elementor, due to improper input neutralization during web page generation. Affected versions are Mega Elements from n/a through 1.2.6; Patch information indicates a fix in 1.2.7. Multiple sources (CVE entry, Red Hat/AR OS, P...

CVE-2024-49693 WordPress Mega Elements – Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.This issue affects Mega Elements: from n/a through = 1.2.6...

WordPress plugin Mega Elements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-33646 · Kraftplugins · Kraftplugins Mega Elements

Name of the Vulnerable Software and Affected Versions: Kraftplugins Mega Elements versions 1.2.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendation...

WordPress Mega Elements – Addons for Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Mega Elements versions = 1.2.6...

WordPress Mega Elements Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Mega Elements Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49693 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d1a9c6f9c436 Credits João Pedro S Alcântara Kinorth Required...

CVE-2021-4443

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compilersave AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

CVE-2021-4443

CVE-2021-4443 Impact: WordPress Mega Menu plugin (WordPress) versions up to 2.0.6 are vulnerable to Arbitrary File Creation via the compiler_save AJAX action, enabling unauthenticated attackers to create arbitrary PHP files that can execute code. Root cause: improper handling of the compiler_save...

CVE-2021-4443 WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compilersave AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

CVE-2021-4443 WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compilersave AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

WordPress plugin WordPress Mega Menu 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...