CVE-2023-39989 – WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-39989
04 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions. The Header Footer Code Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.34. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthen... • https://patchstack.com/database/vulnerability/header-footer-code-manager/wordpress-header-footer-code-manager-plugin-1-1-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-0899 – Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0899
25 Jun 2022 — The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting. The Header Footer Code Manager plugin for WordPress is vulnerable to Re... • https://wpscan.com/vulnerability/1772417a-1abb-4d97-9694-1254840defd1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-0710 – Header Footer Code Manager <= 1.1.16 Reflected XSS
https://notcve.org/view.php?id=CVE-2022-0710
18 Feb 2022 — The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter. WordPress 99robots Header Footer Code Manager plugin versions 1.1.16 and below suffer from a cross site scripting vulnerability. • https://www.wordfence.com/blog/2022/02/reflected-xss-in-header-footer-code-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24791 – Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections
https://notcve.org/view.php?id=CVE-2021-24791
11 Oct 2021 — The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections. • https://wpscan.com/vulnerability/d55caa9b-d50f-4c13-bc69-dc475641735f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •