cleantalk
Vulnerabilities and Security Researches

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager, CVE-2023-0328

CVE, Research URL

CVE-2023-0328

Home page URL

Security reports for WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

Application

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

Published on
Mar 06, 2023
Research Description
The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).
Affected versions
max 2.0.7.
Status
vulnerable
Previous vulnerability researches
Insert Headers and Footers Code – HT Script (CVE-2025-2779) , Apr 03, 2025
Insert Headers and Footers Code – HT Script (CVE-2025-12112) , Nov 11, 2025
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager (CVE-2023-0328) , Jun 06, 2024
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager (CVE-2023-1624) , Jun 06, 2024
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager (CVE-2023-3524) , Jun 06, 2024
New vulnerability
WP Search Analytics (CVE-2026-27357) , May 28, 2026
Sheets to WP Table Live Sync – WordPress Table Plugin with Google Sheets Integration (CVE-2026-24582) , May 28, 2026
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2026-42730) , May 28, 2026
cformsII (CVE-2026-39436) , May 28, 2026
Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP (CVE-2026-24937) , May 28, 2026