Skip to main content

Admin Menu Editor

3 CVEs product

Monthly

CVE-2026-32456 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in Janis Elsts Admin Menu Editor plugin for WordPress, affecting versions up to and including 1.14.1. An attacker can forge requests to modify administrator menu configurations without explicit consent, potentially leading to unauthorized changes to the WordPress admin interface. The vulnerability has a CVSS score of 4.3 (Low-Medium severity) and requires user interaction (UI:R) but can be exploited by an unauthenticated attacker over the network.

CSRF Admin Menu Editor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-24876 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Admin Menu Editor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-0625 MEDIUM POC This Month

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Admin Menu Editor
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
EPSS 0% CVSS 4.3
MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in Janis Elsts Admin Menu Editor plugin for WordPress, affecting versions up to and including 1.14.1. An attacker can forge requests to modify administrator menu configurations without explicit consent, potentially leading to unauthorized changes to the WordPress admin interface. The vulnerability has a CVSS score of 4.3 (Low-Medium severity) and requires user interaction (UI:R) but can be exploited by an unauthenticated attacker over the network.

CSRF Admin Menu Editor
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Admin Menu Editor
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Admin Menu Editor
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy