I’ve just faced the same issue.
This reply was modified 3 years, 1 month ago by tarlori.
Hello,
I am also receiving the vulnerability message for version 1.18.9 – I thought this version was meant to address this vulnerability.
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/http-headers/http-headers-1189-authenticatedadministrator-sql-injection
I appreciate that this is an open-source project, but this tool is excellent. I’m willing to provide donations if it will assist in justifying your time to provide a patch. Please confirm, I will happily do so.
regards
Hi, I also get the same message. Would be great if you have time to have a look at it.
I also submitted a GitHub issue in hopes of attracting more attention. You can subscribe to notifications there as well: https://github.com/riverside/http-headers/issues/7
Also @esmswebmaster I found their donate link on GitHub too if you are serious about making a donation: https://www.paypal.me/Dimitar81
I’ve just released a new version (1.18.10) which addresses the issues.
@zinoui Thank you, Dimitar,
I was taking steps to have another dev contribute to the project on this topic, but it’s not necessary now.
Assuming https://www.paypal.com/paypalme/Dimitar81 (?) is still a valid path for donations, I will arrange a donation for your contribution to this project next week when I’m back from AL.
Thanks.
@esmswebmaster you’re welcome. Yes, the link is still valid.
@zinoui Donation sent. Thanks for your continued support.
@esmswebmaster Thank you very much!
Finally, the guys from WPScan/Automattic confirmed that the patch works well.