36 matches found
Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection
The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections id: CVE-2021-24791 info: name: Header Footer Code Manag...
EUVD-2021-11703
Malware in sbrugna...
EUVD-2023-54538
Malicious code in bioql PyPI...
EUVD-2022-15785
Malicious code in bioql PyPI...
EUVD-2023-43682
Malicious code in bioql PyPI...
CVE-2024-3473
The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-39989
Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions...
CVE-2021-24791
The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections...
CVE-2024-6617
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVE-2024-3105
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized...
Woody code snippets – Insert Header Footer Code, AdSense Ads < 2.5.1 - Authenticated (Contributor+) Remote Code Execution
Description: The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high leve...
WordPress Header Footer Code Manager Pro Plugin <= 1.0.16 is vulnerable to Cross Site Scripting (XSS)
Software: Header Footer Code Manager Pro; Type: Plugin; Vulnerable versions: <= 1.0.16; Fixed in: 1.0.17; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3473; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 7f73969b36b2; Credits...
CVE-2023-5087
The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code...
WordPress Header Footer Code Manager Plugin < 1.1.35 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:draftpress:headerfootercodemanager"; ifdescription...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions...
CVE-2023-39989
CVE-2023-39989 affects the WordPress plugin Header Footer Code Manager (versions ≤ 1.1.34). The issue is a Cross-Site Request Forgery (CSRF) vulnerability, allowing unauthenticated exploitation of authorized actions. Patchstack lists a fix in 1.1.35 and notes the vulnerability has a low severity ...
WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Header Footer Code Manager; Type: Plugin; Vulnerable versions: <= 1.1.34; Fixed in: 1.1.35; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-39989; Patch priority: Low; CVSS severity: Low (5.4); PSID: 5536fb0cce4a; Credits: Rafie...
WordPress Header Footer Code Manager Plugin < 1.1.24 XSS Vulnerability
The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...