Description
WordPress Plugin HTTP Headers is prone to multiple vulnerabilities, including server-side request forgery and cross-site request forgery vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks, or to perform certain administrative actions and gain unauthorized access to the affected application. WordPress Plugin HTTP Headers version 1.9.1 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.9.4 or the latest version.
References
https://www.pluginvulnerabilities.com/2018/01/18/wordpress-plugin-security-review-http-headers/
https://plugins.svn.wordpress.org/http-headers/trunk/README.txt