CVE-2023-1207

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
riversidehttp_headers
𝑥
< 1.18.8
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/6f3f460b-542a-4d32-8feb-afa1aef57e37
https://wpscan.com/vulnerability/6f3f460b-542a-4d32-8feb-afa1aef57e37