CVE-2024-8434

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...

CVE-2024-8434

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...

CVE-2024-8434

CVE-2024-8434 affects the Easy Mega Menu Plugin for WordPress – ThemeHunk. A missing capability check on several AJAX-hooked functions allows authenticated users with subscriber-level access and above to perform actions such as updating plugin settings in all versions up to 1.0.9. The vulnerabili...

WordPress HT Mega Plugin <= 2.6.5 is vulnerable to Sensitive Data Exposure

Software HT Mega Type Plugin Vulnerable versions = 2.6.5 Fixed in 2.6.6 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8910 Patch priority Low CVSS severity Low 4.3 Developer HTMega PSID 2309cc03bb5c Credits Ankit Patel Required privilege Contributor...

WordPress plugin HT Mega 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-39311 · WordPress · Ht Mega – Absolute Addons For Elementor

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.6.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft...

PT-2024-39011 · Themehunk · Easy Mega Menu Plugin

Name of the Vulnerable Software and Affected Versions: Easy Mega Menu Plugin for WordPress – ThemeHunk plugin versions up to, and including, 1.0.9 Description: The issue arises from a missing capability check on several functions hooked via AJAX, allowing authenticated attackers with...

CVE-2024-5583

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carouseldirection parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input...

CVE-2024-5583 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carouseldirection parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input...

CVE-2024-43267

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS.This issue affects Mega Addons For Elementor: from n/a through 1.9...

CVE-2024-43267

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS.This issue affects Mega Addons For Elementor: from n/a through 1.9...

CVE-2024-43267 WordPress Mega Addons For Elementor plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS.This issue affects Mega Addons For Elementor: from n/a through 1.9...

CVE-2024-43267

CVE-2024-43267 (Mega Addons For Elementor) is a Stored XSS via improper input neutralization in Mega Addons For Elementor (elementor addon) affecting versions from n/a through 1.9. The description in the CVE notes the vulnerability type and affected range. Connected sources corroborate an XSS cla...

CVE-2024-43267 WordPress Mega Addons For Elementor plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Qamar Sheeraz, Nasir Ahmad, GenialSouls Mega Addons For Elementor allows Stored XSS.This issue affects Mega Addons For Elementor: from n/a through 1.9...

WordPress plugin Mega Addons For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa

The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and Qatar, with...

WordPress Mega Addons For Elementor plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Mega Addons For Elementor versions = 1.9...

CVE-2024-37466

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements.This issue affects Mega Elements: from n/a through 1.2.2...

CVE-2024-37466

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kraftplugins Mega Elements.This issue affects Mega Elements: from n/a through 1.2.2...

CVE-2024-37466

CVE-2024-37466 describes an XSS vulnerability in the WordPress plugin Mega Elements (Addons for Elementor) . The issue is caused by improper neutralization of input during web page generation and affects Mega Elements: from n/a through 1.2.2 . Connected documents corroborate the vulnerability und...