CVE-2023-1207

EUVD-2023-23486
This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
riversidehttp_headers
𝑥
< 1.18.8
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/6f3f460b-542a-4d32-8feb-afa1aef57e37
https://wpscan.com/vulnerability/6f3f460b-542a-4d32-8feb-afa1aef57e37