Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections id: CVE-2021-24791 info: name: Header Footer Code Manag...

Header Footer Code Manager < 1.1.24 - Cross-Site Scripting

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. id: CVE-2022-0899 info: name: Header Footer Code Manager 1.1.24 - Cross-Site Scripting author:...

EUVD-2025-9217

Malicious code in bioql PyPI...

CVE-2025-31804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

CVE-2025-31804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

CVE-2025-31804 WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

CVE-2025-31804

CVE-2025-31804 corresponds to an authenticated Stored XSS in the WordPress plugin Follow Us Badges (wpsite-follow-us-badges) up to version 3.1.11. Root cause: improper input neutralization during web page generation. Impact, per connected docs, is stored XSS risk for authenticated users; no publi...