- Description
- The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-94
- Hype score
- Not currently trending
CVE-2024-13900 PHP Code Injection in WordPress Head, Footer and Post Injections Plugin ≤ 3.3.0 https://t.co/1ZSgPcMnNh
@VulmonFeeds
21 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13900 The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for … https://t.co/6MuByW4e8G
@CVEnew
21 Feb 2025
466 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:satollo:head\\,_footer\\,_and_post_injections:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "DCCC1328-E94B-4412-A2F9-068904442417",
"versionEndExcluding": "3.3.1"
}
],
"operator": "OR"
}
]
}
]