29 matches found
CVE-2026-1379
The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
CVE-2026-2717
The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via insertwithmarkers. This makes it possible for...
CVE-2026-4132
The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...
EUVD-2026-24637
The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via insertwithmarkers. This makes it possible for...
EUVD-2026-24634
The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
CVE-2026-4132
The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...
CVE-2026-4132
The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...
CVE-2026-4132 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or Path to RCE via 'hh_htpasswd_path' and 'hh_www_authenticate_user' Parameters
The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading to Remote Code Execution in all versions up to and including 1.19.2. This is due to insufficient validation of the file path stored in the 'hhhtpasswdpath' option and lack of sanitization on the...
CVE-2026-2717
The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via insertwithmarkers. This makes it possible for...
CVE-2026-1379 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting
The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
CVE-2026-1379 HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting
The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...
PT-2026-34272
Name of the Vulnerable Software and Affected Versions HTTP Headers plugin for WordPress versions prior to 1.19.3 Description Insufficient sanitization of custom header name and value fields before they are written to the Apache .htaccess file via the insert with markers function allows...
WordPress plugin HTTP Headers 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress HTTP Headers plugin <= 1.19.2 - Authenticated (Administrator+) CRLF Injection vulnerability
Authenticated Administrator+ CRLF Injection vulnerability discovered by Kai Aizen in WordPress Plugin HTTP Headers versions = 1.19.2...
CVE-2023-40330
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Milan Petrovic GD Security Headers plugin = 1.6.1 versions...
EUVD-2023-41748
Malicious code in bioql PyPI...
CVE-2023-37874
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Dimitar Ivanov HTTP Headers plugin = 1.18.11 versions...
CVE-2023-27457
Cross-Site Request Forgery CSRF vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin = 2.7 versions...
CVE-2023-37978 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF)
Server-Side Request Forgery SSRF vulnerability in Dimitar Ivanov HTTP Headers.This issue affects HTTP Headers: from n/a through 1.18.11...
CVE-2023-37978 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF)
Server-Side Request Forgery SSRF vulnerability in Dimitar Ivanov HTTP Headers.This issue affects HTTP Headers: from n/a through 1.18.11...