cleantalk
Vulnerabilities and Security Researches

Conditional Menus, CVE-2023-2654

CVE, Research URL

CVE-2023-2654

Home page URL

Security reports for Conditional Menus

Application

Conditional Menus

Published on
Jun 19, 2023
Research Description
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions
max 1.2.1.
Status
vulnerable
Previous vulnerability researches
Conditional Menus (CVE-2023-2654) , Jun 07, 2024
Conditional Menus (CVE-2026-1032) , Apr 14, 2026
New vulnerability
Modular DS: Manage all your websites from a single dashboard (CVE-2026-3903) , Apr 14, 2026
Brid Video Easy Publish (CVE-2025-8072) , Apr 14, 2026
Hustle – Email Marketing, Lead Generation, Optins, Popups (CVE-2026-0911) , Apr 14, 2026
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2026-1992) , Apr 14, 2026
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2026-1993) , Apr 14, 2026