Max Mega Menu < 2.4 – Authenticated XSS | CVE 2017-18525

Affects Plugins

megamenu

Fixed in 2.4

References

CVE

CVE-2017-18525

URL

https://plugins.trac.wordpress.org/changeset?reponame=&new=1745385%40megamenu&old=1744678%40megamenu

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Verified

No

WPVDB ID

5a33fd66-85d0-4a0d-bbab-bec514c0ebe1

Timeline

Publicly Published

2017-10-17 (about 8 years ago)

Added

2019-06-17 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-10-23

Title

Simple Pull Quote < 1.6.4 - Contributor+ Stored XSS

Published

2023-11-09

Title

Simple Site Verify < 1.0.8 - Admin+ Stored XSS

Published

2025-05-07

Title

Woobox < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-01-24

Title

Youzify < 1.2.2 - Contributor+ Stored XSS

Published

2024-07-10

Title

Booking Ultra Pro < 1.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting