CVE-2022-38481

An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting XSS in several features...

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

CVE-2022-38481

An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting XSS in several features...

MEGA International HOPEX 后置链接漏洞

MEGA International HOPEX is a single software platform from MEGA International, France. combining integrated software solutions including privacy and data management, business process analysis and risk management. A security vulnerability exists in MEGA International HOPEX version 15.2.0.6110,...

MEGA International HOPEX 跨站脚本漏洞

MEGA International HOPEX is a single software platform from MEGA International, France. combining integrated software solutions including privacy and data management, business process analysis and risk management. A security vulnerability exists in MEGA International HOPEX version 15.2.0.6110,...

WordPress plugin Royal Elementor Addons 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

VulnCheck KEV: CVE-2022-4711

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify...

PT-2023-13610 · Mega · Mega Hopex

Name of the Vulnerable Software and Affected Versions: Mega HOPEX versions 15.2.0.6110 through V5CP4 Description: A link-manipulation issue was discovered. Recommendations: For Mega HOPEX versions 15.2.0.6110 through V5CP4, update to version V5CP4 or later to resolve the issue...

PT-2023-15173 · WordPress · Royal Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is related to insufficient access control in the 'wpr save mega menu settings' AJAX action. This allows any authenticated user,...

PT-2023-15150 · WordPress · Royal Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is due to missing nonce validation in the wpr create mega menu template AJAX function, allowing unauthenticated attackers to create...

CVE-2022-38482

Mega HOPEX vulnerability CVE-2022-38482 affects versions 15.2.0.6110 through V5CP4, with a link-manipulation issue. Root cause is not elaborated in the provided documents beyond the version range. Remediation: upgrade to V5CP4 or later. No exploitation details are provided in the sources; in-the-...

CVE-2022-38481

CVE-2022-38481 affects Mega HOPEX 15.2.0.6110 prior to V5CP2, with a reflected XSS vulnerability reported across multiple features. The Red Hat/NVD/CVE ecosystem entries consistently describe the same issue for this product/version range. The PT Security advisory explicitly recommends upgrading t...

PT-2023-13609 · Mega · Mega Hopex

Name of the Vulnerable Software and Affected Versions: Mega HOPEX versions 15.2.0.6110 through V5CP2 Description: The application is prone to reflected Cross-site Scripting XSS in several features. Recommendations: For Mega HOPEX versions 15.2.0.6110 through V5CP2, update to a version after V5CP2...

CVE-2022-4501

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

Authorization

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

CVE-2022-4501 Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

CVE-2022-4501 Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

CVE-2022-4501

The CVE-2022-4501 entry concerns the Mega Addons plugin for WordPress, where an authorization bypass exists due to a missing capability check in the vc_saving_data function up to version 4.2.7. This allows authenticated users with subscriber-level permissions and above to update plugin settings. ...

WordPress plugin Mega Addons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...