Title: Vulnerability
Last modified: April 27, 2023

---

# Vulnerability

 *  Resolved [dpmcalister](https://wordpress.org/support/users/dpmcalister/)
 * (@dpmcalister)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/vulnerability-65/)
 * Wordfence are reporting a vulnerability with the latest version: [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/http-headers/http-headers-1189-authenticatedadministrator-sql-injection](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/http-headers/http-headers-1189-authenticatedadministrator-sql-injection)

Viewing 11 replies - 1 through 11 (of 11 total)

 *  [tarlori](https://wordpress.org/support/users/tarlori/)
 * (@tarlori)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/vulnerability-65/#post-16692022)
 * I’ve just faced the same issue.
    -  This reply was modified 3 years, 1 month ago by [tarlori](https://wordpress.org/support/users/tarlori/).
 *  [esmswebmaster](https://wordpress.org/support/users/esmswebmaster/)
 * (@esmswebmaster)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/vulnerability-65/#post-16696220)
 * Hello,
 * I am also receiving the vulnerability message for version 1.18.9 – I thought 
   this version was meant to address this vulnerability.
 * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/http-headers/http-headers-1189-authenticatedadministrator-sql-injection](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/http-headers/http-headers-1189-authenticatedadministrator-sql-injection)
 * I appreciate that this is an open-source project, but this tool is excellent.
   I’m willing to provide donations if it will assist in justifying your time to
   provide a patch. Please confirm, I will happily do so.
 * regards
    -  This reply was modified 3 years, 1 month ago by [esmswebmaster](https://wordpress.org/support/users/esmswebmaster/).
 *  [nurdhood](https://wordpress.org/support/users/nurdhood/)
 * (@nurdhood)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/vulnerability-65/#post-16702808)
 * Hi, I also get the same message. Would be great if you have time to have a look
   at it.
 *  [sherwin_flight](https://wordpress.org/support/users/sherwin_flight/)
 * (@sherwin_flight)
 * [3 years ago](https://wordpress.org/support/topic/vulnerability-65/#post-16733321)
 * Same issue for me
 *  [Brianne](https://wordpress.org/support/users/briannehinchliffe/)
 * (@briannehinchliffe)
 * [3 years ago](https://wordpress.org/support/topic/vulnerability-65/#post-16762254)
 * I also submitted a GitHub issue in hopes of attracting more attention. You can subscribe
   to notifications there as well: [https://github.com/riverside/http-headers/issues/7](https://github.com/riverside/http-headers/issues/7)
 *  [Brianne](https://wordpress.org/support/users/briannehinchliffe/)
 * (@briannehinchliffe)
 * [3 years ago](https://wordpress.org/support/topic/vulnerability-65/#post-16762266)
 * Also [@esmswebmaster](https://wordpress.org/support/users/esmswebmaster/) I found
   their donate link on GitHub too if you are serious about making a donation: [https://www.paypal.me/Dimitar81](https://www.paypal.me/Dimitar81)
 *  Plugin Author [Dimitar Ivanov](https://wordpress.org/support/users/zinoui/)
 * (@zinoui)
 * [3 years ago](https://wordpress.org/support/topic/vulnerability-65/#post-16774243)
 * I’ve just released a new version (1.18.10) which addresses the issues.
 *  [esmswebmaster](https://wordpress.org/support/users/esmswebmaster/)
 * (@esmswebmaster)
 * [3 years ago](https://wordpress.org/support/topic/vulnerability-65/#post-16780273)
 * [@zinoui](https://wordpress.org/support/users/zinoui/) Thank you, Dimitar,
 * I was taking steps to have another dev contribute to the project on this topic,
   but it’s not necessary now.
 * Assuming [https://www.paypal.com/paypalme/Dimitar81](https://www.paypal.com/paypalme/Dimitar81) (?)
   is still a valid path for donations, I will arrange a donation for your contribution
   to this project next week when I’m back from AL.
 * Thanks.
 *  Plugin Author [Dimitar Ivanov](https://wordpress.org/support/users/zinoui/)
 * (@zinoui)
 * [3 years ago](https://wordpress.org/support/topic/vulnerability-65/#post-16780342)
 * [@esmswebmaster](https://wordpress.org/support/users/esmswebmaster/) you’re welcome.
   Yes, the link is still valid.
 *  [esmswebmaster](https://wordpress.org/support/users/esmswebmaster/)
 * (@esmswebmaster)
 * [3 years ago](https://wordpress.org/support/topic/vulnerability-65/#post-16798686)
 * [@zinoui](https://wordpress.org/support/users/zinoui/) Donation sent. Thanks 
   for your continued support.
 *  Plugin Author [Dimitar Ivanov](https://wordpress.org/support/users/zinoui/)
 * (@zinoui)
 * [2 years, 11 months ago](https://wordpress.org/support/topic/vulnerability-65/#post-16826123)
 * [@esmswebmaster](https://wordpress.org/support/users/esmswebmaster/) Thank you
   very much!
 * Finally, the guys from WPScan/Automattic confirmed that the patch works well.

The topic ‘Vulnerability’ is closed to new replies.

 * 12 replies
 * 7 participants
 * Last reply from: [Dimitar Ivanov](https://wordpress.org/support/users/zinoui/)
 * Last activity: [2 years, 11 months ago](https://wordpress.org/support/topic/vulnerability-65/#post-16826123)
 * Status: resolved