monster_menus_project CVE Vulnerabilities & Metrics

Focus on monster_menus_project vulnerabilities and metrics.

Last updated: 10 Sep 2025, 22:25 UTC

About monster_menus_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with monster_menus_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total monster_menus_project CVEs: 3
Earliest CVE date: 21 Aug 2013, 14:55 UTC
Latest CVE date: 09 Jan 2025, 21:15 UTC

Latest CVE reference: CVE-2024-13288

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical monster_menus_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.62

Max CVSS: 6.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS monster_menus_project CVEs

These are the five CVEs with the highest CVSS scores for monster_menus_project, sorted by severity first and recency.

CVE-2013-4230 monster_menus_project Published on 21 Aug 2013, 14:55 UTC (CVSS: 6.0)
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.
CVE-2015-8095 monster_menus_project Published on 09 Nov 2015, 16:59 UTC (CVSS: 5.0)
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
CVE-2013-4504 monster_menus_project Published on 13 May 2014, 15:55 UTC (CVSS: 2.6)
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
CVE-2013-4229 monster_menus_project Published on 21 Aug 2013, 14:55 UTC (CVSS: 2.1)
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.
CVE-2024-13288 monster_menus_project Published on 09 Jan 2025, 21:15 UTC (CVSS: 0)
Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.

All CVEs for monster_menus_project

CVE-2024-13288 monster_menus_project vulnerability CVSS: 0 09 Jan 2025, 21:15 UTC

Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.

CVE-2024-13281 monster_menus_project vulnerability CVSS: 0 09 Jan 2025, 20:15 UTC

Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2.

CVE-2015-8095 monster_menus_project vulnerability CVSS: 5.0 09 Nov 2015, 16:59 UTC

The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.

CVE-2013-4504 monster_menus_project vulnerability CVSS: 2.6 13 May 2014, 15:55 UTC

The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.

CVE-2013-4230 monster_menus_project vulnerability CVSS: 6.0 21 Aug 2013, 14:55 UTC

The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors.

CVE-2013-4229 monster_menus_project vulnerability CVSS: 2.1 21 Aug 2013, 14:55 UTC

Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings.