WordPress Plugin Vulnerabilities

Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting

The plugin does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.

https://example.com/wp-admin/admin.php?page=hfcm-list&'><script>alert(/XSS/)</script>

Fixed in version 1.1.24

CVE

Type

XSS

OWASP top 10

CWE

Original Researcher

Taurus Omar

Submitter

Taurus Omar

Submitter website

Submitter twitter

Verified

Yes

WPVDB ID

Publicly Published

2022-07-04 (about 11 months ago)

Added

2022-07-04 (about 11 months ago)

Last Updated

2023-04-07 (about 1 months ago)