Vulnerability

I’ve just faced the same issue.

• This reply was modified 1 year, 7 months ago by tarlori.

Hello,

I am also receiving the vulnerability message for version 1.18.9 – I thought this version was meant to address this vulnerability.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/http-headers/http-headers-1189-authenticatedadministrator-sql-injection

I appreciate that this is an open-source project, but this tool is excellent. I’m willing to provide donations if it will assist in justifying your time to provide a patch. Please confirm, I will happily do so.

regards

• This reply was modified 1 year, 7 months ago by esmswebmaster.

Hi, I also get the same message. Would be great if you have time to have a look at it.

Same issue for me

I also submitted a GitHub issue in hopes to attract more attention. You can subscribe to notifications there as well: https://github.com/riverside/http-headers/issues/7

Also @esmswebmaster I found their donate link on GitHub too if you are serious about making a donation: https://www.paypal.me/Dimitar81

I’ve just released a new version (1.18.10) which address the issues.

@zinoui Blagodarq ti Dimitar,

I was taking steps to have another dev contribute to the project on this topic, but it’s not necessary now.

Assuming https://www.paypal.com/paypalme/Dimitar81 (?) is still a valid path for donations, I will arrange a donation for your contribution to this project next week when I’m back from AL.

Thanks.

@esmswebmaster you’re welcome. Yes, the link is still valid.

@zinoui Donation sent. Thanks for your continued support.

@esmswebmaster Thank you very much!

Finally, the guys from WPScan/Automattic confirmed that the patch works well.