Vulnerabilities (CVE)

Filtered by vendor Riverside Subscribe
Filtered by product Http Headers
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37978 1 Riverside 1 Http Headers 2024-02-28 N/A 4.9 MEDIUM
Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers.This issue affects HTTP Headers: from n/a through 1.18.11.
CVE-2023-37874 1 Riverside 1 Http Headers 2024-02-28 N/A 4.8 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions.
CVE-2023-1208 1 Riverside 1 Http Headers 2024-02-28 N/A 7.2 HIGH
This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability.
CVE-2023-1207 1 Riverside 1 Http Headers 2024-02-28 N/A 7.2 HIGH
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.