3 matches found
CVE-2025-11453
The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-11453 Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-11453
CVE-2025-11453 affects the Header and Footer Scripts WordPress plugin. Root cause: insufficient input sanitization and output escaping in _inpost_head_script, enabling Stored XSS. Affected versions up to 2.2.2; Wordfence notes patching in subsequent releases (2.3.0+). Impact: authenticated attack...