cleantalk
Vulnerabilities and Security Researches

Header Footer Code Manager, CVE-2022-0899

CVE, Research URL

CVE-2022-0899

Home page URL

Security reports for Header Footer Code Manager

Application

Header Footer Code Manager

Published on
Jul 25, 2022
Research Description
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.
Affected versions
Min -, max 1.1.35.
Status
vulnerable
Previous vulnerability researches
Header Footer Code Manager , May 20, 2025
Header Footer Code Manager (CVE-2023-39989) , Jun 07, 2024
Header Footer Code Manager (CVE-2022-0710) , Jun 07, 2024
Header Footer Code Manager (CVE-2021-24791) , Jun 07, 2024
Header Footer Code Manager (CVE-2022-0899) , Jun 07, 2024
New vulnerability
Tainacan (CVE-2025-47512) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
miniOrange Discord Integration (CVE-2025-47672) , May 25, 2025
4stats (CVE-2025-3869) , May 24, 2025