megamenu Plugin up to 2.3 on WordPress cross site scripting [CVE-2017-18525]


Exploits | Direct link: vuldb.com

A vulnerability has been found in megamenu Plugin up to 2.3 on WordPress (WordPress Plugin) and classified as problematic. This vulnerability affects an unknown functionality. Upgrading to version 2.4 eliminates this vulnerability....
https://vuldb.com/?id.140512

➤ More posts from Team Security | IT Security

Ensure latest comments can only be viewed from public posts

1383.04 points
Issue where comments from password-protected posts and pages could be displayed under certain conditions. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Add a new filter to extend set-screen-option

1335.35 points
Issue where set-screen-option could be misused by plugins leading to privilege escalation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Prevent HTML decoding on by setting the proper editor context

1335.35 points
XSS issue where authenticated users with low privileges were able to add JavaScript to posts in the block editor. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Ensure that wp_validate_redirect() sanitizes a wider variety of characters

1335.35 points
Open redirect issue in wp_validate_redirect(). This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

USN-3415-1: tcpdump vulnerabilities

1236.76 points
Ubuntu Security Notice USN-3415-1 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixe

USN-3415-2: tcpdump vulnerabilities

1236.76 points
Ubuntu Security Notice USN-3415-2 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in tcpdump Software description tcpdump

Update `wp_kses_bad_protocol()` to recognize `&colon;` on uri attributes

1210.62 points
Update makes sure to validate that uri attributes don’t contain invalid or disallowed protocols. While this works fine in most cases, there’s a risk that by using the colon HTML5 named entity, one is able to bypass this function. This vulnerabi

Authenticated XSS issue via theme uploads

1203.28 points
Unescaped variable could lead to authenticated XSS issue via theme uploads. This vulnerability affects the following application versions: WordPress 3.8 WordPress 3.8.1 WordPress 3.8.2

Issues related to referrer validation in the admin

1140.92 points
Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

A way to create a stored XSS to inject JavaScript into style tags

1137.25 points
Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Prevent unauthenticated views of publicly queryable content types

1137.25 points
The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1

A server-side request forgery in the way that URLs were validated

1137.25 points
HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1