
17 matches found

Patchstack
added 2026/01/29 10:8 p.m. | 5 views

WordPress NinjaTeam Header Footer Custom Code plugin <= 1.2 - Admin+ Stored XSS via CSS Styles vulnerability

Admin+ Stored XSS via CSS Styles vulnerability discovered by Bob Matyas in WordPress Plugin NinjaTeam Header Footer Custom Code versions <= 1.2...

CVSS 4.8 | AI score 5.9 | EPSS 0.00186
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2025/12/13 4:16 p.m. | 1 views

CVE-2025-12109

The Header Footer Script Adder – Insert Code in Header, Body & Footer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the script adder present in posts in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it...

CVSS 6.4 | EPSS 0.00032
Exploits: 0 | References: 2

CNNVD
added 2025/12/13 12:0 a.m. | 1 views

WordPress plugin Header Footer Script Adder Cross-Site Scripting Vulnerability

WordPress Header Footer Script Adder plugin is a plugin that allows users to insert custom code in the header and footer areas of a website. The WordPress Header Footer Script Adder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

CVSS 6.4 | AI score 6.2 | EPSS 0.00032
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in @sellerly/sellzone-semrush2-header-footer (npm)

The package @sellerly/sellzone-semrush2-header-footer was found to contain malicious code...

AI score 7
Exploits: 0

NVD
added 2024/09/13 6:15 a.m. | 14 views

CVE-2024-6617

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

CVSS 4.8 | EPSS 0.00186
Exploits: 1 | References: 1

OSV
added 2024/09/13 6:15 a.m. | 2 views

CVE-2024-6493

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

CVSS 4.8 | AI score 5.8 | EPSS 0.00244
Exploits: 1 | References: 1

Cvelist
added 2024/09/13 6:0 a.m. | 15 views

CVE-2024-6493 NinjaTeam Header Footer Custom Code < 1.2 - Admin+ Stored XSS

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

EPSS 0.00244
Exploits: 1 | References: 1

Vulnrichment
added 2024/09/13 6:0 a.m. | 12 views

CVE-2024-6617 NinjaTeam Header Footer Custom Code <= 1.2 - Admin+ Stored XSS via CSS Styles

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...

AI score 6 | EPSS 0.00186
Exploits: 1 | References: 1

Patchstack
added 2024/09/13 12:0 a.m. | 7 views

WordPress NinjaTeam Header Footer Custom Code Plugin < 1.2 is vulnerable to Cross Site Scripting (XSS)

Software: NinjaTeam Header Footer Custom Code; Type: Plugin; Vulnerable versions: < 1.2; Fixed in: 1.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6493; Patch priority: Low; CVSS severity: Low (5.9); PSID: 618713328f1e; Credits: Takshal...

CVSS 4.8 | AI score 5.9 | EPSS 0.00244
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2024/08/02 9:29 a.m. | 29 views

CVE-2024-4643 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘endredirectlink’ parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output...

CVSS 6.4 | EPSS 0.00379
Exploits: 0 | References: 4

Vulnrichment
added 2024/08/02 9:29 a.m. | 11 views

CVE-2024-4643 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘endredirectlink’ parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output...

CVSS 6.4 | AI score 6.1 | EPSS 0.00379
Exploits: 0 | References: 4

Positive Technologies
added 2024/05/02 12:0 a.m. | 3 views

PT-2024-26143 · WordPress · Header Footer Code Manager

Name of the Vulnerable Software and Affected Versions: Header Footer Code Manager Pro plugin for WordPress versions up to, and including, 1.0.16 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing unauthenticated...

CVSS 6.1 | AI score 6.5 | EPSS 0.02533
Exploits: 0 | References: 4

Cvelist
added 2023/10/03 11:17 a.m. | 11 views

CVE-2023-39989 WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions...

CVSS 5.4 | AI score 9.2 | EPSS 0.00106
Exploits: 0 | References: 1

CNNVD
added 2023/10/03 12:0 a.m. | 3 views

WordPress Plugin Header Footer Code Manager Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 8.8 | AI score 6.6 | EPSS 0.00106
Exploits: 0 | References: 2

Tenable Nessus
added 2022/03/01 12:0 a.m. | 25 views

Header Footer Code Manager Plugin for WordPress < 1.1.17 Cross-Site Scripting

The WordPress Header Footer Code Manager Plugin installed on the remote host is affected by a reflected Cross-Site Scripting (XSS) vulnerability due to improper validation of user-supplied input. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVSS 6.1 | AI score 6.3 | EPSS 0.0021
Exploits: 2 | References: 3

Patchstack
added 2021/04/13 12:0 a.m. | 10 views

WordPress Elementor – Header, Footer & Blocks Template plugin <= 1.5.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered by WordFence in WordPress Elementor – Header, Footer & Blocks Template plugin versions <= 1.5.7. Solution: Update the WordPress Elementor – Header, Footer & Blocks Template plugin to the latest available version at...

AI score 2
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2021/03/08 12:0 a.m. | 3 views

PT-2023-12115 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.1.2 Moodle version 3.10.1 Description: The issue is related to persistent/stored cross-site scripting XSS due to improper input sanitization on the Additional HTML Section via Header and Footer parameter in...

CVSS 5.4 | AI score 5.3 | EPSS 0.00881
Exploits: 3 | References: 26