VYPR

Side Menu Lite

by WordPress

Source repositories

CVEs (5)

  • CVE-2024-3476HigMay 2, 2024
    risk 0.57cvss 8.8epss 0.00

    The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

  • CVE-2021-24580HigAug 30, 2021
    risk 0.57cvss 8.8epss 0.01

    The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue

  • CVE-2021-24521HigAug 9, 2021
    risk 0.47cvss 7.2epss 0.02

    The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack.

  • CVE-2025-24724MedJan 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite side-menu-lite allows Cross Site Request Forgery.This issue affects Side Menu Lite: from n/a through <= 5.3.1.

  • CVE-2023-27418MedNov 12, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions.