HTTP Headers <= 1.18.9 – Authenticated(Administrator+) SQL Injection | ww.wp.xz.cn

Resolved dorjipronto
(@dorjipronto)

3 years ago

Wordfence has reported SQL injection on the plugin version 1.18.9

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/http-headers/http-headers-1189-authenticatedadministrator-sql-injection

The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)

sherwin_flight
(@sherwin_flight)

3 years ago

Same problem here. Hoping for a quick fix.

Brianne
(@briannehinchliffe)

3 years ago

I also submitted a GitHub issue in hopes to attract more attention. You can subscribe to notifications there as well: https://github.com/riverside/http-headers/issues/7

Plugin Author Dimitar Ivanov
(@zinoui)

3 years ago

I’ve just released a new version (1.18.10) which address the issues.

Thread Starter dorjipronto
(@dorjipronto)

2 years, 12 months ago

Thank you!

Thread Starter dorjipronto
(@dorjipronto)

2 years, 10 months ago

Hi @zinoui

I just noticed after version 1.18.10 the function to Import/Export functions setting has been removed. This function was really help for all of us whose has lots of site. Is possible to bring back this function?

Plugin Author Dimitar Ivanov
(@zinoui)

2 years, 10 months ago

Hi @dorjipronto

I explained already here why the Import/Export function has been removed

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘HTTP Headers <= 1.18.9 – Authenticated(Administrator+) SQL Injection’ is closed to new replies.

Tags

sql injection

6 replies
4 participants
Last reply from: Dimitar Ivanov
Last activity: 2 years, 10 months ago
Status: resolved