Vulnerabilities and security researches forslicknav-mobile-menu slicknav-mobile-menu

Jun 07, 2024

CVE, Research URL: CVE-2023-51548
Home page URL: Security reports for SlickNav Mobile Menu
Application: SlickNav Mobile Menu
Date: Feb 01, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Neil Gee SlickNav Mobile Menu allows Stored XSS.This issue affects SlickNav Mobile Menu: from n/a through 1.9.2.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 8ac347471b50a1389d4769f6f81f6712a8065d8f
Home page URL: Security reports for SlickNav Mobile Menu
Application: SlickNav Mobile Menu
Date: Dec 09, 2023
Research Description: SlickNav Mobile Menu [slicknav-mobile-menu] < 1.9.3 SlickNav Mobile Menu <= 1.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting The SlickNav Mobile Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable