Description
WordPress Plugin Menu Image is prone to an issue which allows the add-on of malicious scripts to the affected website, through the use of notice.php file. WordPress Plugin Menu Image version 2.6.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7.0 or latest
References
Related Vulnerabilities
MySQL Improper Input Validation Vulnerability (CVE-2017-3256)
Joomla! Core Cross-Site Scripting (2.5.0 - 3.9.24)
WordPress Plugin My Tickets Cross-Site Scripting (1.8.30)
WordPress Plugin Autoptimize Multiple Vulnerabilities (2.7.6)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20099)