cleantalk
Vulnerabilities and Security Researches

Header Footer Code Manager, CVE-2021-24791

CVE, Research URL

CVE-2021-24791

Home page URL

Security reports for Header Footer Code Manager

Application

Header Footer Code Manager

Published on
Nov 08, 2021
Research Description
The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections
Affected versions
Min -, max 1.1.14.
Status
vulnerable
Previous vulnerability researches
Header Footer Code Manager , May 20, 2025
Header Footer Code Manager (CVE-2023-39989) , Jun 07, 2024
Header Footer Code Manager (CVE-2022-0710) , Jun 07, 2024
Header Footer Code Manager (CVE-2021-24791) , Jun 07, 2024
Header Footer Code Manager (CVE-2022-0899) , Jun 07, 2024
New vulnerability
Tainacan (CVE-2025-47512) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
miniOrange Discord Integration (CVE-2025-47672) , May 25, 2025
4stats (CVE-2025-3869) , May 24, 2025