CVE-2026-2305

The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the aFhfcheadcode, aFhfcbodycode, and aFhfcfootercode post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta values without any sanitization or...

CVE-2026-2305

CVE-2026-2305 : The AddFunc Head & Footer Code WordPress plugin (versions up to and including 2.3) is vulnerable to Stored Cross-Site Scripting via the post meta keys aFhfc_head_code, aFhfc_body_code, and aFhfc_footer_code. The vulnerability arises because these values are output without sanitiza...

WordPress AddFunc Head & Footer Code plugin <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin AddFunc Head & Footer Code versions = 2.3...

WordPress plugin AddFunc Head & Footer Code 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

EUVD-2025-2828

Malicious code in bioql PyPI...

CVE-2025-22550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Rhoney AddFunc Mobile Detect addfunc-mobile-detect allows Stored XSS.This issue affects AddFunc Mobile Detect: from n/a through = 3.1...

CVE-2025-22550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Rhoney AddFunc Mobile Detect addfunc-mobile-detect allows Stored XSS.This issue affects AddFunc Mobile Detect: from n/a through = 3.1...

CVE-2025-22550

CVE-2025-22550 affects AddFunc Mobile Detect (WordPress plugin). The issue is a Stored Cross-Site Scripting vulnerability in AddFunc Mobile Detect &lt;= 3.1, caused by improper input neutralization during web page generation. Impact is stored XSS as described in multiple sources; no public exploi...

CVE-2025-22550 WordPress AddFunc Mobile Detect plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joe Rhoney AddFunc Mobile Detect addfunc-mobile-detect allows Stored XSS.This issue affects AddFunc Mobile Detect: from n/a through = 3.1...

CVE-2025-22550 WordPress AddFunc Mobile Detect plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AddFunc AddFunc Mobile Detect allows Stored XSS.This issue affects AddFunc Mobile Detect: from n/a through 3.1...

WordPress AddFunc Mobile Detect plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin AddFunc Mobile Detect versions = 3.1...

WordPress plugin AddFunc Mobile Detect 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

PT-2025-4541 · Addfunc · Addfunc Mobile Detect

Name of the Vulnerable Software and Affected Versions: AddFunc Mobile Detect versions n/a through 3.1 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Stored XSS in AddFunc Mobile Detect...