53 matches found
Incomplete List of Disallowed Inputs
Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the defaultSanitizer function in FileAdder.php. An attacker can upload files with double extensions or omitted executable extensions, potentially leading to remote code execution by bypassing fil...
CVE-2014-4717
Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...
WordPress Header Footer Script Adder plugin Cross Site Scripting Vulnerability
WordPress Header Footer Script Adder plugin is a plugin that allows users to insert custom code in the header and footer areas of a website. The WordPress Header Footer Script Adder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
EUVD-2025-203203
The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-12109
The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-12109 Header Footer Script Adder – Insert Code in Header, Body & Footer <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-12109
CVE-2025-12109 documents a stored XSS in the WordPress plugin Header Footer Script Adder – Insert Code in Header, Body & Footer, affecting all versions up to 2.0.5. Exploitation requires authentication at Contributor level or higher, allowing injected scripts to execute for users visiting the pag...
PT-2025-51058
The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it...
WordPress Header Footer Script Adder – Insert Code in Header, Body & Footer plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Powpy in WordPress Plugin Header Footer Script Adder versions = 2.0.5...
EUVD-2015-1009
Malware in sbrugna...
EUVD-2015-9143
Malware in sbrugna...
EUVD-2014-4636
Malware in sbrugna...
CVE-2015-9303
The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS...
CVE-2024-4094 Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS
The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
WordPress Simple Share Buttons Adder Plugin < 8.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Simple Share Buttons Adder Type Plugin Vulnerable versions 8.5.1 Fixed in 8.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4094 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 47ccb3022e74 Credits Dmitrii Ignatye...
Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Go to the plugin settings 2. In the "Additional CSS" field, enter the payload 3. Save...
WordPress Plugin Simple Share Buttons Adder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Simple Share Buttons Adder Plugin <= 8.4.11 is vulnerable to Cross Site Scripting (XSS)
Software Simple Share Buttons Adder Type Plugin Vulnerable versions = 8.4.11 Fixed in 8.4.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0621 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 449c4b786154 Credits Akbar...
Simple Share Buttons Adder < 8.4.12 - Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings
Description The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2022-40700
Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...