2 matches found
CVE-2025-11453 Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-1694
Name of the Vulnerable Software and Affected Versions Header and Footer Scripts plugin for WordPress versions up to and including 2.2.2 Description The Header and Footer Scripts plugin for WordPress is susceptible to Stored Cross-Site Scripting through the inpost head script parameter. Insufficie...