Vulnerabilities and security researches forheader-footer-code-manager header-footer-code-manager

Jun 07, 2024

CVE, Research URL: CVE-2023-39989
Home page URL: Security reports for Header Footer Code Manager
Application: Header Footer Code Manager
Date: Oct 03, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0710
Home page URL: Security reports for Header Footer Code Manager
Application: Header Footer Code Manager
Date: Feb 25, 2022
Research Description: The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24791
Home page URL: Security reports for Header Footer Code Manager
Application: Header Footer Code Manager
Date: Nov 08, 2021
Research Description: The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0899
Home page URL: Security reports for Header Footer Code Manager
Application: Header Footer Code Manager
Date: Jul 25, 2022
Research Description: The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.
Affected versions: Min -, max -.
Status: vulnerable

May 20, 2025

PSC, Research URL: PSC-2025-64570
Home page URL: Security reports for Header Footer Code Manager
Application: Header Footer Code Manager
Date: May 20, 2025
Research Description: Header Footer Code Manager (HFCM) by 99 Robots is a powerful and secure WordPress plugin designed to safely insert custom code snippets (HTML, JavaScript, or CSS) into the header, footer, or content areas of your website without altering theme files. Whether you need to add analytics scripts, advertising tags, or verification codes, HFCM provides an intuitive interface that eliminates the risks associated with direct theme modification. By allowing precise placement of scripts on specific pages, posts, categories, or devices, HFCM helps streamline performance and simplify site administration—all while keeping your codebase safe and organized. Following a rigorous code review and penetration testing process, HFCM has earned the Plugin Security Certification (PSC) with ID PSC-2025-64570, issued by CleanTalk, confirming adherence to best practices in secure plugin development.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED