CVE-2023-39989 – WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-39989
04 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions. The Header Footer Code Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.34. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthen... • https://patchstack.com/database/vulnerability/header-footer-code-manager/wordpress-header-footer-code-manager-plugin-1-1-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-0899 – Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0899
25 Jun 2022 — The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. The Header Footer Code Manager plugin for WordPress is vulnerable to Re... • https://wpscan.com/vulnerability/1772417a-1abb-4d97-9694-1254840defd1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0710 – Header Footer Code Manager <= 1.1.16 Reflected XSS
https://notcve.org/view.php?id=CVE-2022-0710
18 Feb 2022 — The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. WordPress 99robots Header Footer Code Manager plugin versions 1.1.16 and below suffer from a cross-site scripting vulnerability. • https://www.wordfence.com/blog/2022/02/reflected-xss-in-header-footer-code-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24791 – Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections
https://notcve.org/view.php?id=CVE-2021-24791
11 Oct 2021 — The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections. • https://wpscan.com/vulnerability/d55caa9b-d50f-4c13-bc69-dc475641735f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24445 – My Site Audit <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24445
19 Jul 2021 — The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in them, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue. • https://wpscan.com/vulnerability/d60634a3-ca39-43be-893b-ff9ba625360f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')