59 matches found
Cross-site Scripting (XSS)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering of menu item fields such as icon classes, URLs, and text labels without proper output encoding in the TopMenu plugin. An...
AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin
Summary: The TopMenu plugin renders menu item fields (icon classes, URLs, and text labels) directly into HTML without applying htmlspecialchars or any other output encoding. Since menu items are rendered on every public page through plugin hooks, a single malicious menu entry results in stored...
EUVD-2026-11786
The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the addmenuitem method hooked to adminmenu in all versions up to, and including, 4.5.8. This is due to the method performing wpinsertpost and...
EUVD-2007-5552
Malware in sbrugna...
EUVD-2021-11854
Malware in sbrugna...
EUVD-2025-10358
Malicious code in bioql PyPI...
CVE-2025-52358
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's brows...
CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...
CVE-2023-46781
Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions...
CVE-2018-14862
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...
CVE-2025-28409
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/parentId endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId...
RuoYi Security Vulnerability
RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi version v.4.8.0, which stems from the add method not properly verifying the requested user's permissions, which may result in the addition of a menu item...
CVE-2025-28409
The CVE-2025-28409 entry concerns RUoYi v4.8.0 where the add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId, enabling privilege escalation. Affected software is RUoYi v4.8.0; the underlying issue is insuffi...
CVE-2025-28409
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/parentId endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId...
CVE-2025-28913
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item (wp-add-active-class-to-menu-item) allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through <= 1.0...
WordPress WP Add Active Class To Menu Item plugin <=1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin WP Add Active Class To Menu Item versions <= 1.0...
CVE-2025-28913
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item (wp-add-active-class-to-menu-item) allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through <= 1.0...
CVE-2025-28913
CVE-2025-28913 is a CSRF vulnerability in the WP Add Active Class To Menu Item WordPress plugin, affecting versions up to 1.0. The connected sources confirm the issue and provide CVSS v3.1 base score 4.3 (Medium) but do not specify a patched version or concrete exploit details. No remediation ver...
WordPress plugin WP Add Active Class To Menu Item Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-46781
Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions...