90 matches found
CVE-2022-0899 Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0899
CVE-2022-0899 affects the WordPress plugin Header Footer Code Manager prior to version 1.1.24. The vulnerability arises because generated URLs are not escaped before being output in admin page attributes, enabling Reflected Cross-Site Scripting. Exploitation context: authenticated attackers can i...
WordPress plugin Header Footer Code Manager Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting
The plugin does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=hfcm-list&'alert/XSS/...
MAL-2022-853 Malicious code in addons-code-manager (npm)
Source: ghsa-malware cf419ee2b522079bd06dfa8eb6b6da75b7689d383e7942157adbc220bed5a2df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in addons-code-manager (npm)
Source: ghsa-malware cf419ee2b522079bd06dfa8eb6b6da75b7689d383e7942157adbc220bed5a2df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Header Footer Code Manager Plugin < 1.1.17 XSS Vulnerability
The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
WordPress Code Manager plugin < 1.0.14 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Code Manager plugin (versions < 1.0.14). Solution: Update the WordPress Code Manager plugin to the latest available version (at least 1.0.14)...
WordPress Code Manager plugin < 1.0.14 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Code Manager plugin (versions < 1.0.14). Solution: Update the WordPress Code Manager plugin to the latest available version (at least 1.0.14)...
CVE-2022-0710
The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter...
CVE-2022-0710 Header Footer Code Manager <= 1.1.16 Reflected XSS
The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter...
CVE-2022-0710
The CVE-2022-0710 entry concerns the WordPress plugin Header Footer Code Manager (versions ≤ 1.1.16). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw exploitable via the $_REQUEST['page'] parameter. Multiple sources confirm the affected plugin and the XSS impact; OpenVAS and Tena...
WordPress Header Footer Code Manager plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Header Footer Code Manager plugin 1.1.16 and previous versions have a cross-site scripting vulnerability that can...
Reflected XSS in Header Footer Code Manager
On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the fu...
WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting
On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the fu...
WordPress plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Header Footer Code Manager plugin 1.1.16 and previous versions have a cross-site scripting vulnerability that can...
WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting Vulnerability
The Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the full disclosure details...
WordPress Header Footer Code Manager plugin <= 1.1.16 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ramuel Gall in WordPress Header Footer Code Manager plugin (versions <= 1.1.16). Solution: Update the WordPress Header Footer Code Manager plugin to the latest available version (at least 1.1.17)...
CVE-2021-24791
The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections...
CVE-2021-24791 Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections
The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections...