Vulnerabilities and security researches forthemehunk-megamenu-plus themehunk-megamenu-plus
Direction: ascendingSep 26, 2024
Easy Mega Menu Plugin for WordPress – ThemeHunk # CVE-2024-8434
- CVE, Research URL
- Date
- Sep 25, 2024
- Research Description
- The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Oct 09, 2024
Easy Mega Menu Plugin for WordPress – ThemeHunk # CVE-2024-8433
- CVE, Research URL
- Date
- Oct 08, 2024
- Research Description
- The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 14, 2025
Easy Mega Menu Plugin for WordPress – ThemeHunk # CVE-2025-30990
- CVE, Research URL
- Date
- Jun 06, 2025
- Research Description
- Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable