CVE-2025-48314

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in salubrio Add Code To Head add-code-to-head allows Stored XSS.This issue affects Add Code To Head: from n/a through = 1.17...

CVE-2025-48314 WordPress Add Code To Head plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in salubrio Add Code To Head allows Stored XSS. This issue affects Add Code To Head: from n/a through 1.17...

CVE-2025-48314 WordPress Add Code To Head plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in salubrio Add Code To Head add-code-to-head allows Stored XSS.This issue affects Add Code To Head: from n/a through = 1.17...

WordPress plugin Add Code To Head 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Add Code To Head exists cross-site scripting vulnerability, the vulnerability stems fro...

WordPress Add Code To Head plugin <= 1.17 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bao - BlueRock in WordPress Plugin Add Code To Head versions = 1.17...

CVE-2021-24619

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

CVE-2021-24619 Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

CVE-2021-24619

The CVE-2021-24619 refers to the WordPress Per Page Add to Head plugin (

CVE-2021-24586

CVE-2021-24586 affects the WordPress plugin “Per page add to head” (versions before 1.4.4). The vulnerability arises from a lack of CSRF protection when saving settings, enabling a logged-in admin’s actions to be manipulated. The plugin also allows arbitrary HTML to be inserted in one setting, cr...

CVE-2021-24586 Per Page Add to Head < 1.4.4 - CSRF to Stored XSS

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this...

WordPress plugin Per page add to head 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS

The plugin does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues. Note: The plugin is no longer maintained. PoC Put the following payload ...

WordPress Per page add to head plugin <= 1.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Prashant Karman Patel in WordPress Per page add to head plugin versions = 1.4.4. Solution This plugin has been closed as of June 7, 2021 and is not available for download. Reason: Security Issue...

WordPress Plugin Add Code To Head upsite_analytics_plugin SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Add Code To Head upsiteanalyticsplugin. The vulnerability is...