VYPR

Megamenu

by WordPress

CVEs (5)

  • CVE-2021-4443CriOct 16, 2024
    risk 0.64cvss 9.8epss 0.01

    The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute…

  • CVE-2024-35677CriJun 10, 2024
    risk 0.59cvss 9.0epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.This issue affects MegaMenu: from n/a through 2.3.12.

  • CVE-2022-0628MedMar 21, 2022
    risk 0.40cvss 6.1epss 0.01

    The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

  • CVE-2017-18525MedAug 21, 2019
    risk 0.40cvss 6.1epss 0.01

    The megamenu plugin before 2.4 for WordPress has XSS.

  • CVE-2024-28003MedMar 28, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Megamenu Max Mega Menu.This issue affects Max Mega Menu: from n/a through 3.3.