XSS Issue reported by PatchStack | ww.wp.xz.cn

Resolved dooza
(@dooza)

2 weeks, 6 days ago

Hi there,
I assume this has been reported by PatchStack to you always which is why the plugin is under investigation.

https://patchstack.com/database/wordpress/plugin/http-headers/vulnerability/wordpress-http-headers-plugin-1-19-2-authenticated-administrator-stored-cross-site-scripting-vulnerability

https://www.cve.org/CVERecord?id=CVE-2026-1379

It appears to be Admins or above who can take advantage of this vulnerability but it would be great to know if it’s being fixed, otherwise we need to look for an alternative plugin.

Viewing 1 replies (of 1 total)

Plugin Author Dimitar Ivanov
(@zinoui)

2 weeks, 1 day ago

@dooza thank you for this bug report.
I’ve just repleased a new version that address the issue.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

Tags

xss

1 reply
2 participants
Last reply from: Dimitar Ivanov
Last activity: 2 weeks, 1 day ago
Status: resolved