PT-2024-11039 · WordPress · Wordpress Mega Menu

Name of the Vulnerable Software and Affected Versions: WordPress Mega Menu plugin versions up to, and including, 2.0.6 Description: The WordPress Mega Menu plugin is vulnerable to Arbitrary File Creation, allowing unauthenticated attackers to create arbitrary PHP files that can be used to execute...

VulnCheck KEV: CVE-2021-4443

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compilersave AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

CVE-2024-8913

CVE-2024-8913 affects The Plus Addons for Elementor (WordPress) up to version 5.6.11. The issue arises from the render function in modules/widgets/tp_accordion.php, enabling authenticated attackers with Contributor-level access and above to expose sensitive information (private, pending, and draf...

CVE-2024-8913 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via content_template

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tpaccordion.php. This makes it possibl...

CVE-2024-8433

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunkmegamenubgimage' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-8433 Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunkmegamenubgimage' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2024-39010 · Themehunk · Easy Mega Menu Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This...

CVE-2024-47343

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.This issue affects Mega Elements: from n/a through = 1.2.4...

CVE-2024-47343 WordPress Mega Elements – Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kraft Plugins Mega Elements mega-elements-addons-for-elementor allows Stored XSS.This issue affects Mega Elements: from n/a through = 1.2.4...

CVE-2024-47343 WordPress Mega Elements – Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a through 1.2.4...

CVE-2024-47343

CVE-2024-47343 describes a Stored XSS in WordPress plugin Mega Elements (Addons for Elementor) affecting versions up to 1.2.4. Patchstack reports the issue, with a fix available in version 1.2.5. Mitigation: upgrade to 1.2.5 or later. The vulnerability is a cross-site scripting flaw arising from ...

PT-2024-32558 · Kraftplugins · Kraftplugins Mega Elements

Name of the Vulnerable Software and Affected Versions: Kraftplugins Mega Elements versions 1.2.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting XSS vulnerability. This allows for stored XSS...

WordPress plugin Mega Elements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Mega Elements – Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Mega Elements versions = 1.2.4...

WordPress Mega Elements Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Mega Elements Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47343 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1be74e6ef4a6 Credits João Pedro S Alcântara Kinorth Required...

WordPress HT Mega – Absolute Addons For Elementor plugin <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id vulnerability

Authenticated Contributor+ Sensitive Information Exposure via templateid vulnerability discovered by Ankit Patel in WordPress Plugin HT Mega versions = 2.6.5...

CVE-2024-8910

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmegaaccordion.php. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-8910

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmegaaccordion.php. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-8910 HT Mega – Absolute Addons For Elementor <= 2.6.5 - Authenticated (Contributor+) Sensitive Information Exposure via template_id

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmegaaccordion.php. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-8910

CVE-2024-8910 concerns HT Mega – Absolute Addons For Elementor for WordPress. The vulnerability affects versions up to and including 2.6.5 and enables Sensitive Information Exposure via the render function in includes/widgets/htmega_accordion.php. Exploitation requires at least Contributor-level ...