Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections id: CVE-2021-24791 info: name: Header Footer Code Manag...

EUVD-2021-11703

Malware in sbrugna...

EUVD-2022-15785

Malicious code in bioql PyPI...

EUVD-2023-43682

Malicious code in bioql PyPI...

CVE-2024-3473

The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2023-39989

Cross-Site Request Forgery CSRF vulnerability in 99robots Header Footer Code Manager plugin = 1.1.34 versions...

CVE-2021-24791

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections...

WordPress Header Footer Code Manager Pro Plugin <= 1.0.16 is vulnerable to Cross Site Scripting (XSS)

Software Header Footer Code Manager Pro Type Plugin Vulnerable versions = 1.0.16 Fixed in 1.0.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3473 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7f73969b36b2 Credits...

WordPress Header Footer Code Manager Plugin < 1.1.35 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:draftpress:headerfootercodemanager"; ifdescription...

CVE-2023-39989

Cross-Site Request Forgery CSRF vulnerability in 99robots Header Footer Code Manager plugin = 1.1.34 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in 99robots Header Footer Code Manager plugin = 1.1.34 versions...

CVE-2023-39989

CVE-2023-39989 affects the WordPress plugin Header Footer Code Manager (versions ≤ 1.1.34). The issue is a Cross-Site Request Forgery (CSRF) vulnerability, allowing unauthenticated exploitation of authorized actions. Patchstack lists a fix in 1.1.35 and notes the vulnerability has a low severity ...

WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software Header Footer Code Manager Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-39989 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5536fb0cce4a Credits Rafie...

WordPress Header Footer Code Manager Plugin < 1.1.24 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVE-2022-0899

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2022-0899 Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2022-0899

CVE-2022-0899 affects the WordPress plugin Header Footer Code Manager prior to version 1.1.24. The vulnerability arises because generated URLs are not escaped before being output in admin page attributes, enabling Reflected Cross-Site Scripting. Exploitation context: authenticated attackers can i...

WordPress Header Footer Code Manager Plugin < 1.1.17 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVE-2022-0710

The Header Footer Code Manager plugin = 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting XSS via the $REQUEST'page' parameter...

CVE-2022-0710 Header Footer Code Manager <= 1.1.16 Reflected XSS

The Header Footer Code Manager plugin = 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting XSS via the $REQUEST'page' parameter...