CVE-2025-11453

Name of the Vulnerable Software and Affected Versions Header and Footer Scripts plugin for WordPress versions up to and including 2.2.2

Description The Header and Footer Scripts plugin for WordPress is susceptible to Stored Cross-Site Scripting through the inpost head script parameter. Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses the affected page. The inpost head script parameter is the entry point for this issue.

Recommendations Update the Header and Footer Scripts plugin to a version newer than 2.2.2.