Header Footer Code Manager Security Vulnerabilities


CVE-2021-24791

The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections.

CVSS: 7.2
AI Score: 7
EPSS: 0.251

2021-11-08 06:15 PM

CVE-2022-0710

The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter.

CVSS: 6.1
AI Score: 6
EPSS: 0.001

2022-02-24 07:15 PM

CVE-2022-0899

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to Reflected Cross-Site Scripting.

CVSS: 6.1
AI Score: 6.2
EPSS: 0.001

2022-07-25 01:15 PM

CVE-2023-39989

Cross-Site Request Forgery (CSRF) vulnerability in the 99robots Header Footer Code Manager plugin, versions <= 1.1.34.

CVSS: 8.8
AI Score: 8.9
EPSS: 0.001

2023-10-03 12:15 PM