cleantalk
Vulnerabilities and Security Researches

Insert Headers and Footers Code – HT Script, CVE-2025-12112

CVE, Research URL

CVE-2025-12112

Home page URL

Security reports for Insert Headers and Footers Code – HT Script

Application

Insert Headers and Footers Code – HT Script

Published on
Nov 08, 2025
Research Description
The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adding scripts in all versions up to, and including, 1.1.6 due to insufficient capability checks. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.1.7.
Status
vulnerable
Previous vulnerability researches
BuddyForms Ultimate Member (893cfcf44e3c079784f666e461a667cb4f6e2761) , Jun 06, 2024
New vulnerability
Import WP – Export and Import CSV and XML files to WordPress (CVE-2025-12137) , Nov 12, 2025
XX2WP Integration Tools (CVE-2025-11857) , Nov 12, 2025
Greenshift – animation and page builder blocks (CVE-2025-11841) , Nov 11, 2025
Range Slider AddOn for Gravity Forms (CVE-2025-49905) , Nov 11, 2025
YOP Poll (CVE-2025-62040) , Nov 11, 2025