Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for HTTP Headers by Unknown
CVE-2023-1208 (GCVE-0-2023-1208)
Vulnerability from nvd – Published: 2023-07-10 12:41 – Updated: 2024-11-08 17:47
VLAI
Title
HTTP Headers < 1.18.11 - Admin+ Remote Code Execution
Summary
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/e0cc6740-866a-4a… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | HTTP Headers |
Affected:
0 , < 1.18.11
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e0cc6740-866a-4a81-a93d-ff486b79b7f7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1208",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T17:47:01.245468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T17:47:14.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "HTTP Headers",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.18.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "qerogram(at Kakao Style Corp.)"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T13:05:53.449Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/e0cc6740-866a-4a81-a93d-ff486b79b7f7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "HTTP Headers \u003c 1.18.11 - Admin+ Remote Code Execution",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-1208",
"datePublished": "2023-07-10T12:41:23.248Z",
"dateReserved": "2023-03-06T19:23:12.728Z",
"dateUpdated": "2024-11-08T17:47:14.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1207 (GCVE-0-2023-1207)
Vulnerability from nvd – Published: 2023-05-15 12:15 – Updated: 2025-01-24 20:14
VLAI
Title
HTTP Headers < 1.18.8 - Admin+ SQL Injection
Summary
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.
Severity
7.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/6f3f460b-542a-4d… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | HTTP Headers |
Affected:
0 , < 1.18.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6f3f460b-542a-4d32-8feb-afa1aef57e37"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T20:13:20.618183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T20:14:30.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "HTTP Headers",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.18.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "qerogram(at Kakao Style Corp.)"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T12:15:30.045Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/6f3f460b-542a-4d32-8feb-afa1aef57e37"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "HTTP Headers \u003c 1.18.8 - Admin+ SQL Injection",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-1207",
"datePublished": "2023-05-15T12:15:30.045Z",
"dateReserved": "2023-03-06T19:02:36.104Z",
"dateUpdated": "2025-01-24T20:14:30.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1208 (GCVE-0-2023-1208)
Vulnerability from cvelistv5 – Published: 2023-07-10 12:41 – Updated: 2024-11-08 17:47
VLAI
Title
HTTP Headers < 1.18.11 - Admin+ Remote Code Execution
Summary
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/e0cc6740-866a-4a… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | HTTP Headers |
Affected:
0 , < 1.18.11
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e0cc6740-866a-4a81-a93d-ff486b79b7f7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1208",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T17:47:01.245468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T17:47:14.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "HTTP Headers",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.18.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "qerogram(at Kakao Style Corp.)"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T13:05:53.449Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/e0cc6740-866a-4a81-a93d-ff486b79b7f7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "HTTP Headers \u003c 1.18.11 - Admin+ Remote Code Execution",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-1208",
"datePublished": "2023-07-10T12:41:23.248Z",
"dateReserved": "2023-03-06T19:23:12.728Z",
"dateUpdated": "2024-11-08T17:47:14.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1207 (GCVE-0-2023-1207)
Vulnerability from cvelistv5 – Published: 2023-05-15 12:15 – Updated: 2025-01-24 20:14
VLAI
Title
HTTP Headers < 1.18.8 - Admin+ SQL Injection
Summary
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.
Severity
7.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/6f3f460b-542a-4d… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | HTTP Headers |
Affected:
0 , < 1.18.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6f3f460b-542a-4d32-8feb-afa1aef57e37"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T20:13:20.618183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T20:14:30.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "HTTP Headers",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.18.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "qerogram(at Kakao Style Corp.)"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T12:15:30.045Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/6f3f460b-542a-4d32-8feb-afa1aef57e37"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "HTTP Headers \u003c 1.18.8 - Admin+ SQL Injection",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-1207",
"datePublished": "2023-05-15T12:15:30.045Z",
"dateReserved": "2023-03-06T19:02:36.104Z",
"dateUpdated": "2025-01-24T20:14:30.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}