CVE-2014-4717

Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...

WordPress Header Footer Script Adder plugin Cross Site Scripting Vulnerability

WordPress Header Footer Script Adder plugin is a plugin that allows users to insert custom code in the header and footer areas of a website. The WordPress Header Footer Script Adder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

EUVD-2025-203203

The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-12109

The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-12109 Header Footer Script Adder – Insert Code in Header, Body & Footer <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it...

CVE-2025-12109

CVE-2025-12109 documents a stored XSS in the WordPress plugin Header Footer Script Adder – Insert Code in Header, Body & Footer, affecting all versions up to 2.0.5. Exploitation requires authentication at Contributor level or higher, allowing injected scripts to execute for users visiting the pag...

PT-2025-51058

The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it...

WordPress Header Footer Script Adder – Insert Code in Header, Body & Footer plugin <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Powpy in WordPress Plugin Header Footer Script Adder versions = 2.0.5...

EUVD-2015-9143

Malware in sbrugna...

EUVD-2015-1009

Malware in sbrugna...

EUVD-2014-4636

Malware in sbrugna...

CVE-2015-9303

The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS...

CVE-2024-4094 Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

WordPress Simple Share Buttons Adder Plugin < 8.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Simple Share Buttons Adder Type Plugin Vulnerable versions 8.5.1 Fixed in 8.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4094 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 47ccb3022e74 Credits Dmitrii Ignatye...

Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed 1. Go to the plugin settings 2. In the "Additional CSS" field, enter the payload 3. Save...

WordPress Plugin Simple Share Buttons Adder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Simple Share Buttons Adder < 8.4.12 - Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings

Description The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress Simple Share Buttons Adder Plugin <= 8.4.11 is vulnerable to Cross Site Scripting (XSS)

Software Simple Share Buttons Adder Type Plugin Vulnerable versions = 8.4.11 Fixed in 8.4.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0621 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID 449c4b786154 Credits Akbar...

CVE-2022-40700

Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...

PT-2024-11631 · Agence Press · Css Adder By Agence-Press

Name of the Vulnerable Software and Affected Versions: Montonio for WooCommerce versions 6.0.1 and earlier Wpopal Core Features versions 1.5.8 and earlier ArcStone wp-amo versions 4.6.6 and earlier WooVirtualWallet – A virtual wallet for WooCommerce versions 2.2.1 and earlier WooVIP – Membership...