Arbitrary SQL Execution via Import Functionality in HTTP Headers WordPress Plugin

Arbitrary SQL Execution via Import Functionality in HTTP Headers WordPress Plugin

CVE-2023-1207 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.

Learn more about our Wordpress Pen Testing.