Vulnerabilities and security researches forshiftnav-responsive-mobile-menu shiftnav-responsive-mobile-menu

Jun 15, 2025

CVE, Research URL: CVE-2025-49243
Home page URL: Security reports for ShiftNav – Responsive Mobile Menu
Application: ShiftNav – Responsive Mobile Menu
Date: Jun 06, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sevenspark ShiftNav – Responsive Mobile Menu allows Stored XSS. This issue affects ShiftNav – Responsive Mobile Menu: from n/a through 1.8.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-4627
Home page URL: Security reports for ShiftNav – Responsive Mobile Menu
Application: ShiftNav – Responsive Mobile Menu
Date: Jan 23, 2023
Research Description: The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: Min -, max -.
Status: vulnerable