2 matches found
CVE-2023-1207
CVE-2023-1207 affects the HTTP Headers WordPress plugin, prior to version 1.18.8. The import feature can execute arbitrary SQL on the server, causing an SQL Injection vulnerability. Public sources (NVD/Red Hat/Patchstack) confirm the issue and indicate a patch: update to 1.18.8 or later to mitiga...
CVE-2023-1208
CVE-2023-1208 refers to the WordPress HTTP Headers plugin, prior to version 1.18.11, where an arbitrary data write to arbitrary files leads to Remote Code Execution (RCE). The vulnerability is described as an access/authorization issue within the plugin, enabling an attacker with sufficient privi...