61 matches found
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in 99robots Header Footer Code Manager plugin = 1.1.34 versions...
CVE-2023-39989
CVE-2023-39989 affects the WordPress plugin Header Footer Code Manager (versions ≤ 1.1.34). The issue is a Cross-Site Request Forgery (CSRF) vulnerability, allowing unauthenticated exploitation of authorized actions. Patchstack lists a fix in 1.1.35 and notes the vulnerability has a low severity ...
WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)
Software Header Footer Code Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39989 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5536fb0cce4a Credits Rafie...
WordPress Header Footer Code Manager Plugin < 1.1.24 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-0899
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0899
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0899 Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0899
CVE-2022-0899 affects the WordPress plugin Header Footer Code Manager prior to version 1.1.24. The vulnerability arises because generated URLs are not escaped before being output in admin page attributes, enabling Reflected Cross-Site Scripting. Exploitation context: authenticated attackers can i...
WordPress Header Footer Code Manager Plugin < 1.1.17 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2022-0710
The Header Footer Code Manager plugin = 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting XSS via the $REQUEST'page' parameter...
CVE-2022-0710
The CVE-2022-0710 entry concerns the WordPress plugin Header Footer Code Manager (versions ≤ 1.1.16). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw exploitable via the $_REQUEST['page'] parameter. Multiple sources confirm the affected plugin and the XSS impact; OpenVAS and Tena...
CVE-2022-0710 Header Footer Code Manager <= 1.1.16 Reflected XSS
The Header Footer Code Manager plugin = 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting XSS via the $REQUEST'page' parameter...
WordPress Header Footer Code Manager plugin跨站脚本漏洞
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Header Footer Code Manager plugin 1.1.16 and previous versions have a cross-site scripting vulnerability that can...
Reflected XSS in Header Footer Code Manager
On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting XSS vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the fu...
WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting
On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting XSS vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the fu...
WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting Vulnerability
The Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting XSS vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the full disclosure details...
WordPress Header Footer Code Manager plugin <= 1.1.16 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall in WordPress Header Footer Code Manager plugin versions = 1.1.16. Solution Update the WordPress Header Footer Code Manager plugin to the latest available version at least 1.1.17...
CVE-2021-24791
The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections...
CVE-2021-24791 Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections
The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections...
Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections
The plugin does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections PoC...