← Back

Http Headers

http_headers

Vendor: Riverside • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-37978
1Riverside
1Http Headers
Apr 28, 2026
Nov 13, 2023
N/A· v4
4.9 MEDIUM· v3
N/A· v2
Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers.This issue affects HTTP Headers: from n/a through 1.18.11.
CVE-2023-37874
1Riverside
1Http Headers
Nov 21, 2024
Aug 5, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions.
CVE-2023-1208
1Riverside
1Http Headers
Nov 21, 2024
Jul 10, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability.
CVE-2023-1207
1Riverside
1Http Headers
Jan 24, 2025
May 15, 2023
N/A· v4
7.2 HIGH· v3
N/A· v2
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.