Lucene search
K

83 matches found

CNNVD
CNNVD
added 2025/02/13 12:0 a.m.6 views

WordPress plugin Simple Responsive Menu 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

7.1CVSS8.3AI score0.00135EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/29 12:0 a.m.7 views

The vulnerability of the Responsive and off-canvas menu module in the Drupal CMS system, related to improper authentication, allows attackers to bypass security restrictions and execute a Forceful Browsing attack.

The vulnerability of the Responsive and off-canvas menu module in the Drupal CMS system is related to improper authentication. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

5.3CVSS5.5AI score0.00334EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/09 7:16 p.m.1 views

CVE-2024-13266 Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030

Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4...

5.3CVSS6.1AI score0.00334EPSS
Exploits0References5
CVE
CVE
added 2025/01/09 7:16 p.m.55 views

CVE-2024-13266

CVE-2024-13266 affects Drupal Responsive and off-canvas menu (versions 0.0.0 through 4.4.3). The issue is an Incorrect Authorization vulnerability that enables Forceful Browsing and may bypass node access restrictions in menus. A fix is available in 4.4.4 and later; upgrade to 4.4.4+ or apply the...

5.3CVSS6.7AI score0.00334EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/09 7:16 p.m.8 views

CVE-2024-13266 Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030

Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4...

7AI score0.00334EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.5 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in the Drupal Responsive and off-canvas menu prior to version 4.4.4, which stems from the inclusion of an authorization error vulnerability...

5.3CVSS6.7AI score0.00334EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/21 12:0 a.m.4 views

Drupal Responsive and off-canvas menu module < 4.4.4 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by collinhaines in WordPress Module Responsive and off-canvas menu versions 4.4.4...

7AI score
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/02 6:41 a.m.24 views

CVE-2024-3238 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion

The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajaxhandledeleteicons function. This makes it possible for unauthenticate...

8.8CVSS8.4AI score0.00382EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/02 6:41 a.m.19 views

CVE-2024-3238 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion

The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajaxhandledeleteicons function. This makes it possible for unauthenticate...

8.8CVSS0.00382EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/02 12:0 a.m.5 views

PT-2024-24541 · WordPress · Superfly Responsive Menu

Name of the Vulnerable Software and Affected Versions: WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress versions up to and including 5.0.29 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the ajax handle...

8.8CVSS7.3AI score0.00382EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/02 12:0 a.m.5 views

WordPress plugin Superfly Responsive Menu 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.4AI score0.00382EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.18 views

WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.25 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Description The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.0.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

7.1CVSS7.8AI score0.00514EPSS
Exploits0References1
OSV
OSV
added 2023/04/04 1:15 p.m.2 views

CVE-2023-23870

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in wpdevart Responsive Vertical Icon Menu plugin = 1.5.8 versions...

4.8CVSS5.8AI score0.00392EPSS
Exploits0References1
OSV
OSV
added 2022/03/18 6:15 p.m.4 views

CVE-2022-25602

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions = 4.1.7...

8.8CVSS5.9AI score0.01262EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/03/18 6:0 p.m.18 views

CVE-2022-25602 WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions = 4.1.7...

8.3CVSS8.8AI score0.01262EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/03/18 6:0 p.m.11 views

CVE-2022-25602 WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability

Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin versions = 4.1.7...

8.3CVSS8.6AI score0.01262EPSS
Exploits0References2
CVE
CVE
added 2022/03/18 6:0 p.m.94 views

CVE-2022-25602

CVE-2022-25602 affects the WordPress Responsive Menu plugin (versions ≤ 4.1.7). A nonce token leak enables arbitrary file upload, theme deletion, and plugin settings changes. Multiple connected sources (Patchstack, WPVulndb, NVD/NVD-derived entries) corroborate the impact and prioritization as a ...

8.8CVSS8.6AI score0.01262EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/03/18 12:0 a.m.4 views

WordPress plugin Responsive Menu 代码问题漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. WordPress plugin Responsive Menu has a security vulnerability...

8.8CVSS7.9AI score0.01262EPSS
Exploits0References4
Patchstack
Patchstack
added 2022/03/16 12:0 a.m.33 views

WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability

Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability discovered by Dave Jong Patchstack in WordPress Responsive Menu plugin versions = 4.1.7. Solution Update the WordPress Responsive Menu plugin to the latest available version at least 4.1.8...

8.8CVSS3AI score0.01262EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/02/28 9:15 a.m.6 views

CVE-2021-24971

The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wprliveupdate AJAX action, as well as do not sanitise and escape some of the data submitted. As a result, any authenticated, such as subscriber could update the plugin's settings and perform...

5.4CVSS6.1AI score0.00591EPSS
Exploits2References1
Rows per page
Query Builder