16 matches found
CVE-2025-12958
The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level acces...
CVE-2025-12958
The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level acces...
CVE-2025-12958
CVE-2025-12958 affects Rankology SEO and Analytics Tool for WordPress. Wordfence reports an insecure capability check on the rankology_code_block page that allows authenticated attackers with Editor-level access and above to modify data by adding header/footer code blocks. The issue is tied to Ra...
CVE-2025-12958 Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation
The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level acces...
CVE-2025-12958 Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation
The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the 'rankology_code_block' page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level acces...
WordPress Rankology SEO and Analytics Tool plugin <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation vulnerability
Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation vulnerability discovered by SangNQ29 in WordPress Plugin Rankology SEO and Analytics Tool versions <= 2.0...
CVE-2024-31609
Cross Site Scripting XSS vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration...
PT-2024-24149 · Bosscms · Bosscms
Name of the Vulnerable Software and Affected Versions: BOSSCMS version 3.10 Description: A Cross Site Scripting XSS issue allows attackers to run arbitrary code via the header code and footer code fields in code configuration. This enables attackers to execute malicious scripts on the affected...
PageLayer < 1.8.0 - Author+ Stored XSS
Description: The plugin doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations. PoC - As a user with Author+ capabilities, create a new...
WordPress Plugin Page Builder: Pagelayer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2024-15069 · WordPress · Pagelayer
Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress versions up to, and including, 1.7.8 Description: The issue is related to Stored Cross-Site Scripting via the pagelayer header code, pagelayer body open code, an...
CVE-2023-4687
The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...
WordPress plugin Pagelayer cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
SUSE: Security Advisory (SUSE-SU-2012:1210-1)
The remote host is missing an update for the...
Honeywell WIN-PAK HTTP Header Code Execution Vulnerability
Honeywell WIN-PAK is a Honeywell Management System Center software package. Honeywell WIN-PAK has an HTTP header code execution vulnerability that can be exploited by an attacker to remotely execute code...
SUSE SLES10 Security Update : PHP5 (SUSE-SU-2012:1210-1)
This update fixes header code injection issues in PHP5 CVE-2011-1398 and CVE-2011-4388. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without...