VYPR

Menubar

by WordPress

CVEs (2)

  • CVE-2023-36687MedJul 11, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions.

  • CVE-2022-1152MedApr 25, 2022
    risk 0.35cvss 5.4epss 0.01

    The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), leading to a Reflected Cross-Site Scripting