VYPR

Wp Footnotes

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-15378HigJan 14, 2026
    risk 0.47cvss 7.2epss 0.00

    The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'note_list_class' and 'popup_display_effect_in' parameters in all versions up to, and including, 1.0 due to missing authorization and nonce verification on settings save, as well as…

  • CVE-2008-0691Feb 12, 2008
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2)…