cleantalk
Vulnerabilities and Security Researches

CM Header & Footer Script Loader – Insert Script Plugin, CVE-2025-31091

CVE, Research URL

CVE-2025-31091

Home page URL

Security reports for CM Header & Footer Script Loader – Insert Script Plugin

Application

CM Header & Footer Script Loader – Insert Script Plugin

Published on
Apr 03, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Header and Footer allows Stored XSS. This issue affects CM Header and Footer: from n/a through 1.2.4.
Affected versions
Min -, max 1.2.5.
Status
vulnerable
Previous vulnerability researches
LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing (CVE-2024-3590) , Jun 07, 2024
LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing (CVE-2023-27415) , Jun 07, 2024
LetterPress – Elevate Your WordPress Site's E-Mail Campaigns and Marketing (CVE-2024-34568) , Jun 07, 2024
Ni Purchase Order(PO) For WooCommerce (CVE-2023-5957) , Jun 06, 2024
User registration & user profile – UserPlus (CVE-2023-0824) , Jun 07, 2024
New vulnerability
FPW Category Thumbnails (CVE-2025-31841) , Apr 05, 2025
Gutenify – Visual Site Builder Blocks & Site Templates. (CVE-2025-32168) , Apr 05, 2025
GetBookingsWP – Appointments Booking Calendar Plugin For WordPress (CVE-2025-31896) , Apr 05, 2025
Video Playlist For YouTube (CVE-2025-32183) , Apr 05, 2025
Snow Storm (CVE-2025-30858) , Apr 05, 2025