Search criteria

2 vulnerabilities found for Menu Image, Icons made easy by Unknown

CVE-2022-0450 (GCVE-0-2022-0450)

Vulnerability from cvelistv5 – Published: 2022-03-28 17:22 – Updated: 2024-08-02 23:25
VLAI?
Title
Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting
Summary
The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend
Severity ?
No CVSS data available.
CWE
Assigner
References
https://wpscan.com/vulnerability/612f9273-acc8-4b… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Menu Image, Icons made easy Affected: 0 , < 3.0.6 (custom)
Create a notification for this product.
Credits
Krzysztof Zając WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "Menu Image, Icons made easy",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Krzysztof Zaj\u0105c"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-116 Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-04T08:03:26.163Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54a"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Menu Image, Icons made easy \u003c 3.0.8 - Subscriber+ Stored Cross-Site Scripting",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-0450",
    "datePublished": "2022-03-28T17:22:50",
    "dateReserved": "2022-02-01T00:00:00",
    "dateUpdated": "2024-08-02T23:25:40.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0450 (GCVE-0-2022-0450)

Vulnerability from nvd – Published: 2022-03-28 17:22 – Updated: 2024-08-02 23:25
VLAI?
Title
Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting
Summary
The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend
Severity ?
No CVSS data available.
CWE
Assigner
References
https://wpscan.com/vulnerability/612f9273-acc8-4b… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Menu Image, Icons made easy Affected: 0 , < 3.0.6 (custom)
Create a notification for this product.
Credits
Krzysztof Zając WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "Menu Image, Icons made easy",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.0.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Krzysztof Zaj\u0105c"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any authenticate users, such as subscriber can update the settings or arbitrary menu and put Cross-Site Scripting payloads in them which will be triggered in the related menu in the frontend"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-116 Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-04T08:03:26.163Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/612f9273-acc8-4be6-b372-33f1e687f54a"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Menu Image, Icons made easy \u003c 3.0.8 - Subscriber+ Stored Cross-Site Scripting",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-0450",
    "datePublished": "2022-03-28T17:22:50",
    "dateReserved": "2022-02-01T00:00:00",
    "dateUpdated": "2024-08-02T23:25:40.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}