
854 matches found

Positive Technologies
added 2023/03/29 12:0 a.m. · 2 views

PT-2023-17091 · WordPress · Mega Main Menu

Name of the Vulnerable Software and Affected Versions: Mega Main Menu plugin for WordPress versions up to, and including, 2.2.2

Description: The issue is related to Stored Cross-Site Scripting via some of the plugin's settings parameters due to insufficient input sanitization and output escaping...

CVSS 5.5 · AI score 5.6 · EPSS 0.00373
Exploits 0 · References 5
CNNVD
added 2023/03/29 12:0 a.m. · 2 views

WordPress Plugin Mega Main Menu Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.5 · AI score 6.5 · EPSS 0.00373
Exploits 0 · References 3
OSV
added 2023/02/15 3:15 p.m. · 2 views

CVE-2023-25192

AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00...

CVSS 5.3 · AI score 6.1
Exploits 0 · References 1
SUSE CVE
added 2023/02/15 5:1 a.m. · 3 views

SUSE CVE-2016-5107

The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors...

CVSS 6 · AI score 7 · EPSS 0.00425
Exploits 0 · References 13
SUSE CVE
added 2023/02/15 4:44 a.m. · 3 views

SUSE CVE-2017-9503

QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing...

CVSS 3.8 · AI score 6.5 · EPSS 0.00415
Exploits 0 · References 14
OSV
added 2023/01/31 8:15 a.m. · 1 views

CVE-2022-39059

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

CVSS 7.5 · AI score 5.9 · EPSS 0.0099
Exploits 0 · References 1
Patchstack
added 2023/01/12 12:0 a.m. · 6 views

WordPress Mega Main Menu Plugin <= 2.2.2 is vulnerable to Sensitive Data Exposure

Software: Mega Main Menu · Type: Plugin · Vulnerable versions: = 2.2.2 · Fixed in: N/A · OWASP Top 10: A3: Sensitive Data Exposure · Classification: Sensitive Data Exposure · CVE: N/A · Patch priority: Medium · CVSS severity: Medium 5.3 · Developer: Claim ownership · PSID: f8d7f453705f · Credits: indoushka · Required privilege...

AI score 6.8
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/01/10 9:15 p.m. · 3 views

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

CVSS 4.3 · AI score 5.8 · EPSS 0.0056
Exploits 0 · References 3
OSV
added 2023/01/10 9:15 p.m. · 1 views

CVE-2022-38481

An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features...

CVSS 6.1 · AI score 5.8 · EPSS 0.00501
Exploits 0 · References 3
NVD
added 2023/01/10 9:15 p.m. · 26 views

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

CVSS 4.3 · AI score 4.6 · EPSS 0.0056
Exploits 0 · References 3
NVD
added 2023/01/10 9:15 p.m. · 17 views

CVE-2022-38481

An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features...

CVSS 6.1 · AI score 6 · EPSS 0.00501
Exploits 0 · References 3
Prion
added 2023/01/10 9:15 p.m. · 13 views

Cross site scripting

An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features...

CVSS 5.8 · AI score 5.9 · EPSS 0.00501
Exploits 0 · References 2 · Affected Software 1
Prion
added 2023/01/10 9:15 p.m. · 14 views

Code injection

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

CVSS 4.3 · AI score 4.7 · EPSS 0.0056
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2023/01/10 5:15 p.m. · 2 views

CVE-2022-4707

The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates,...

CVSS 6.5 · AI score 6.8 · EPSS 0.00348
Exploits 1 · References 4
OSV
added 2023/01/10 5:15 p.m. · 1 views

CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

CVSS 4.3 · AI score 5.8 · EPSS 0.00688
Exploits 2 · References 3
ATTACKERKB
added 2023/01/10 5:15 p.m. · 3 views

CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

CVSS 4.3 · AI score 6.5 · EPSS 0.00688
Exploits 2 · References 4
NVD
added 2023/01/10 5:15 p.m. · 16 views

CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

CVSS 4.3 · AI score 4.4 · EPSS 0.00688
Exploits 2 · References 4
Prion
added 2023/01/10 5:15 p.m. · 22 views

Improper access control

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

CVSS 4 · AI score 4.5 · EPSS 0.00688
Exploits 2 · References 3 · Affected Software 1
Vulnrichment
added 2023/01/10 4:55 p.m. · 8 views

CVE-2022-4711 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

CVSS 4.3 · AI score 6.5 · EPSS 0.00688
Exploits 2 · References 3
WPVulnDB
added 2023/01/10 12:0 a.m. · 25 views

Royal Elementor Addons < 1.3.60 - Subscriber+ Mega Menu Settings Update

The plugin does not have authorisation and CSRF checks when updating the mega menu settings, which could allow any authenticated user, such as a subscriber, to perform such an action...

CVSS 4.3 · AI score 3 · EPSS 0.00688
Exploits 2 · References 1 · Affected Software 1