28 matches found
EUVD-2020-11782
Malware in sbrugna...
EUVD-2023-42748
Malicious code in bioql PyPI...
EUVD-2024-51100
Malicious code in bioql PyPI...
EUVD-2022-15484
Malicious code in bioql PyPI...
CVE-2024-12774
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...
CVE-2020-19886
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcmspid=-80=9 can delete any menu...
WordPress Altra Side Menu plugin <= 2.0 - Abitrary Menu Deletion via CSRF vulnerability
Abitrary Menu Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Altra Side Menu versions = 2.0...
CVE-2024-12774
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...
CVE-2024-12774 Altra Side Menu <= 2.0 - Abitrary Menu Deletion via CSRF
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...
CVE-2024-12774
CVE-2024-12774 affects the Altra Side Menu WordPress plugin (≤ v2.0). It stems from missing CSRF checks, potentially allowing logged-in admins to delete arbitrary menus via CSRF. No explicit patch or mitigation details are provided in the connected documents; monitor for updates and consider rest...
CVE-2024-12774 Altra Side Menu <= 2.0 - Abitrary Menu Deletion via CSRF
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...
PT-2025-1949
Name of the Vulnerable Software and Affected Versions Altra Side Menu WordPress plugin through 2.0 Description The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in admins delete arbitrary menus via a CSRF attack. This could potentially be...
CVE-2024-7380
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajaxgeolocatemenu and ajaxgeolocateremovemenu functions in all versions up to, and including, 8.7.3. This makes it possible for authenticated attackers, with...
CVE-2024-7380
CVE-2024-7380 — Geo Controller (WordPress) security issue : The Geo Controller plugin (WordPress) up to and including version 8.6.9 is vulnerable to unauthorized menu creation/deletion due to missing capability checks in ajax__geolocate_menu and ajax__geolocate_remove_menu. Affected product: Geo ...
CVE-2024-7380 Geo Controller <= 8.7.3 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajaxgeolocatemenu and ajaxgeolocateremovemenu functions in all versions up to, and including, 8.7.3. This makes it possible for authenticated attackers, with...
CVE-2024-7380 Geo Controller <= 8.7.3 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajaxgeolocatemenu and ajaxgeolocateremovemenu functions in all versions up to, and including, 8.7.3. This makes it possible for authenticated attackers, with...
WordPress Float menu plugin < 6.0.1 - Menu Deletion via CSRF vulnerability
Menu Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Float menu versions 6.0.1...
CVE-2024-3476 Side Menu Lite < 4.2.1 - Menu Deletion via CSRF
The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-2405 Float menu < 6.0.1 - Menu Deletion via CSRF
The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack...
Float menu < 6.0.1 - Menu Deletion via CSRF
Description The plugin does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack. PoC Make a logged in admin open one a page with the code below, this will make them delete the menu with ID 1:...