CVE-2023-36526

Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Duplicate Post Page Menu & Custom Post Type: from n/a through 2.4.1...

PT-2024-12569 · WordPress · Duplicate Post Page Menu & Custom Post Type

Name of the Vulnerable Software and Affected Versions: Duplicate Post Page Menu & Custom Post Type versions 2.3.1 through 2.4.1 Description: The issue affects the Duplicate Post Page Menu & Custom Post Type plugin, allowing for broken access control due to missing authorization. This enables...

WordPress plugin Duplicate Post Page Menu & Custom Post Type 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Duplica...

OpenSolution Quick CMS Cross-Site Scripting Vulnerability

OpenSolution Quick CMS is a free content management system organized by OpenSolution. A cross-site scripting vulnerability exists in OpenSolution Quick CMS v6.7, which stems from the lack of effective filtering and escaping of user-supplied data in the SEO - Meta description parameter of the Page...

Design/Logic Flaw

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...

CVE-2023-4792

The CVE-2023-4792 entry describes a vulnerability in the WordPress plugin Duplicate Post Page Menu & Custom Post Type where a missing capability check in the function duplicate_ppmc_post_as_draft allows authenticated users with subscriber access or higher to duplicate posts/pages. Affected versio...

WordPress WP Home Page Menu plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress WP Home Page Menu plugin versions prior to 3.1 contain a cross-site scripting vulnerability that stems from the plugin's failure to...

CVE-2022-0684

The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-0684

The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-0684

The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-0684 WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting

The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-0684

CVE-2022-0684 affects the WordPress plugin “WP Home Page Menu” pre-3.1. The vulnerability stems from insufficient sanitisation/escaping of the plugin’s settings, enabling stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. The impact i...

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress WP Home Page Menu plugin versions prior to 3.1 contain a cross-site scripting vulnerability that stems from the plugin's failure to...

WordPress WP Home Page Menu plugin <= 3.0 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress WP Home Page Menu plugin versions = 3.0. Solution Update the WordPress WP Home Page Menu plugin to the latest available version at least 3.1...