Arbitrary SQL Execution via Import Functionality in HTTP Headers WordPress Plugin
CVE-2023-1207 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.
Learn more about our Wordpress Pen Testing.