cleantalk
Vulnerabilities and Security Researches

Insert Headers and Footers Code – HT Script, CVE-2025-12112

CVE, Research URL

CVE-2025-12112

Home page URL

Security reports for Insert Headers and Footers Code – HT Script

Application

Insert Headers and Footers Code – HT Script

Published on
Nov 08, 2025
Research Description
The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via adding scripts in all versions up to, and including, 1.1.6 due to insufficient capability checks. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.1.7.
Status
vulnerable
Previous vulnerability researches
LMB^Box Smileys (CVE-2025-12400) , Nov 11, 2025
New vulnerability
Greenshift – animation and page builder blocks (CVE-2025-11841) , Nov 11, 2025
Range Slider AddOn for Gravity Forms (CVE-2025-49905) , Nov 11, 2025
YOP Poll (CVE-2025-62040) , Nov 11, 2025
Insert Headers and Footers Code – HT Script (CVE-2025-12112) , Nov 11, 2025
Easy Appointments (CVE-2025-49398) , Nov 11, 2025