Description
sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.
Remediation
References
Related Vulnerabilities
WordPress Plugin spideranalyse Cross-Site Scripting (0.0.1)
WordPress Plugin Ultimate FAQ Cross-Site Scripting (1.8.21)
Claroline Other Vulnerability (CVE-2005-1375)
WordPress Plugin WordPress Calls to Action Unspecified Vulnerability (2.3.5)
WordPress Plugin WP ALL Export Pro Multiple Vulnerabilities (1.7.8)