CVE-2026-8688 Advance Nav Menu Manager <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Nav Menu Item Modification via anmm_save_menu_data AJAX Action

The Advance Nav Menu Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

EUVD-2025-5343

Cross-Site Request Forgery CSRF vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3...

Cross-site Scripting (XSS)

Overview com.vaadin:vaadin-server is a Java framework for modern Java web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the ContextMenuManager and Action classed, when handling Action captions. An attacker can cause scripts to be executed by injecti...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the ContextMenuManager and Action classed, when handling Action captions. An attacker can cause scripts to be executed by injecting them into captions. Note: As of version 23, the Action class is only used by...

EUVD-2010-1495

Malware in sbrugna...

EUVD-2020-9994

Malware in sbrugna...

EUVD-2024-52501

Malicious code in bioql PyPI...

EUVD-2025-16954

Malicious code in bioql PyPI...

EUVD-2025-2040

Malicious code in bioql PyPI...

EUVD-2025-10652

Malicious code in bioql PyPI...

EUVD-2025-24541

Malicious code in bioql PyPI...

CVE-2025-8491

The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsceprmsavemenu function. This makes it possible for unauthenticated attackers to upload a men...

CVE-2025-8491

CVE-2025-8491 concerns the Easy restaurant menu manager plugin for WordPress. The vulnerability is a Cross-Site Forgery (CSRF) due to missing/incorrect nonce validation in the nsc_eprm_save_menu() function, allowing unauthenticated attackers to upload a menu file by tricking an administrator. Aff...

CVE-2025-8491 Easy restaurant menu manager <= 2.0.2 - Cross-Site Request Forgery to Menu Upload

The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsceprmsavemenu function. This makes it possible for unauthenticated attackers to upload a men...

WordPress plugin Easy restaurant menu manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2025-6673 Easy restaurant menu manager <= 2.0.1 - Authenticated (Contributot+) Stored Cross-Site Scripting via `nsc_eprm_menu_link` Shortcode

The Easy restaurant menu manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nsceprmmenulink shortcode in versions up to, and including 2.0.1, due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2025-27865 · WordPress · Easy Restaurant Menu Manager

Name of the Vulnerable Software and Affected Versions: Easy Restaurant Menu Manager plugin for WordPress versions up to and including 2.0.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the nsc eprm menu link shortcode. This...

CVE-2025-5628

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site...

CVE-2025-5628

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site...

CVE-2025-5628

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site...