Vulnerabilities > CVE-2023-46821 - Unspecified vulnerability in Dev4Press GD Security Headers

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

dev4press

NVD

Published: 2023-11-06

Updated: 2024-11-21

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/a through 1.7.

Vulnerable Configurations

Part	Description	Count
Application	Dev4Press Dev4Press GD Security Headers 1.0 Dev4Press GD Security Headers 1.1 Dev4Press GD Security Headers 1.1.1 Dev4Press GD Security Headers 1.2 Dev4Press GD Security Headers 1.3 Dev4Press GD Security Headers 1.4 Dev4Press GD Security Headers 1.5 Dev4Press GD Security Headers 1.6 Dev4Press GD Security Headers 1.6.1 Dev4Press GD Security Headers 1.7	10

References

https://patchstack.com/database/vulnerability/gd-security-headers/wordpress-gd-security-headers-plugin-1-7-sql-injection-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/gd-security-headers/wordpress-gd-security-headers-plugin-1-7-sql-injection-vulnerability?_s_id=cve