CVE-2022-0710

The CVE-2022-0710 entry concerns the WordPress plugin Header Footer Code Manager (versions ≤ 1.1.16). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw exploitable via the $_REQUEST['page'] parameter. Multiple sources confirm the affected plugin and the XSS impact; OpenVAS and Tena...

CVE-2022-0899

CVE-2022-0899 affects the WordPress plugin Header Footer Code Manager prior to version 1.1.24. The vulnerability arises because generated URLs are not escaped before being output in admin page attributes, enabling Reflected Cross-Site Scripting. Exploitation context: authenticated attackers can i...

CVE-2021-24791

The CVE-2021-24791 issue affects the WordPress plugin Header Footer Code Manager prior to 1.1.14. The vulnerability is a SQL injection in the Snippets admin dashboard caused by failing to validate/escape the orderby and order parameters used in a SQL statement. Exploitation requires authenticated...

CVE-2023-39989

CVE-2023-39989 affects the WordPress plugin Header Footer Code Manager (versions ≤ 1.1.34). The issue is a Cross-Site Request Forgery (CSRF) vulnerability, allowing unauthenticated exploitation of authorized actions. Patchstack lists a fix in 1.1.35 and notes the vulnerability has a low severity ...