22 matches found
EUVD-2024-30355
Malicious code in bioql PyPI...
CVE-2024-32553
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in looksawesome Superfly Menu superfly-menu.This issue affects Superfly Menu: from n/a through = 5.0.25...
CVE-2024-3238
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajaxhandledeleteicons function. This makes it possible for unauthenticate...
CVE-2024-3238 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajaxhandledeleteicons function. This makes it possible for unauthenticate...
CVE-2024-3238 WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion
The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajaxhandledeleteicons function. This makes it possible for unauthenticate...
CVE-2024-3238
CVE-2024-3238 affects the WordPress Menu Plugin — Superfly Responsive Menu. The vulnerability is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the ajax_handle_delete_icons() function, allowing unauthenticated attackers to delete arbitrary files if a site admin is tr...
WordPress Superfly Responsive Menu plugin <= 5.0.29 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by M.Awad in WordPress Plugin Superfly Menu versions = 5.0.29...
PT-2024-24541 · WordPress · Superfly Responsive Menu
Name of the Vulnerable Software and Affected Versions: WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress versions up to and including 5.0.29 Description: The issue is related to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the ajax handle...
WordPress plugin Superfly Responsive Menu 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Superfly Menu Plugin <= 5.0.29 is vulnerable to Cross Site Request Forgery (CSRF)
Software Superfly Menu Type Plugin Vulnerable versions = 5.0.29 Fixed in 5.0.30 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3238 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 281e95564a8a Credits M.Awad Required...
WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.25 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.0.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-32553
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in looksawesome Superfly Menu superfly-menu.This issue affects Superfly Menu: from n/a through = 5.0.25...
CVE-2024-32553 WordPress Superfly Menu plugin <= 5.0.25 - Subscriber+ Site-Wide Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in looksawesome Superfly Menu superfly-menu.This issue affects Superfly Menu: from n/a through = 5.0.25...
CVE-2024-32553 WordPress Superfly Menu plugin <= 5.0.25 - Subscriber+ Site-Wide Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in looksawesome Superfly Menu superfly-menu.This issue affects Superfly Menu: from n/a through = 5.0.25...
CVE-2024-32553
CVE-2024-32553 affects WordPress Plugin – WordPress Menu Plugin (Superfly Menu). Vulnerable component is looks_awesome functionality (stored XSS) with root cause described as improper neutralization of input during web page generation. Impact per sources is Stored XSS with confidentiality/integri...
WordPress Plugin Superfly 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Superfly Menu plugin <= 5.0.25 - Subscriber+ Site-Wide Stored Cross Site Scripting (XSS) vulnerability
Subscriber+ Site-Wide Stored Cross Site Scripting XSS vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Superfly Menu versions = 5.0.25...
VulnCheck KEV: CVE-2024-32553
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in looksawesome Superfly Menu superfly-menu.This issue affects Superfly Menu: from n/a through = 5.0.25...
WordPress Superfly Menu Plugin <= 5.0.25 is vulnerable to Cross Site Scripting (XSS)
Software Superfly Menu Type Plugin Vulnerable versions = 5.0.25 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32553 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6079596969f5 Credits Dave Jong Patchstack Required...
dolomitisuperfly.com Cross Site Scripting vulnerability OBB-3754873
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...