CVE-2023-1208

7.2 HIGH

📋 TL;DR

The HTTP Headers WordPress plugin before version 1.18.11 contains a vulnerability that allows attackers to write arbitrary data to arbitrary files on the server. This can lead to remote code execution, potentially giving attackers full control over affected WordPress sites. All WordPress installations using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • HTTP Headers WordPress Plugin
Versions: All versions before 1.18.11
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and activated. WordPress multisite installations may be particularly vulnerable due to shared file systems.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain complete control over the WordPress site, allowing them to deface content, steal sensitive data, install backdoors, or use the server for malicious activities like cryptocurrency mining or botnet participation.

🟠

Likely Case

Attackers upload web shells or malicious scripts to gain persistent access, then escalate privileges to compromise the entire WordPress installation and potentially other sites on the same server.

🟢

If Mitigated

With proper file permissions and security controls, exploitation might be limited to writing files in specific directories, but could still lead to privilege escalation or data manipulation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication, but WordPress sites often have multiple user accounts that could be compromised through other means. The vulnerability is straightforward to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.18.11

Vendor Advisory: https://wordpress.org/plugins/http-headers/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'HTTP Headers' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.18.11+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable HTTP Headers Plugin

Platform: all

Temporarily disable the vulnerable plugin until patching is possible

wp plugin deactivate http-headers

Restrict File Write Permissions

Platform: linux

Set strict file permissions on WordPress directories to limit arbitrary file writes. Apply directory and file modes separately: chmod 644 on a directory removes its execute bit and makes the directory unusable. These modes only help when the web server (PHP) user does not own the files, since an owner can still write to its own 644 files.

find wp-content -type d -exec chmod 755 {} \;
find wp-content -type f -exec chmod 644 {} \;

🧯 If You Can't Patch

  • Remove the HTTP Headers plugin completely if not essential
  • Implement web application firewall rules to block suspicious file write attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → HTTP Headers version. If version is below 1.18.11, you are vulnerable.

Check Version:

wp plugin get http-headers --field=version

Verify Fix Applied:

After updating, verify the plugin version shows 1.18.11 or higher in WordPress admin.
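The version check above is easy to get wrong with a plain string comparison ('1.18.9' sorts after '1.18.11' lexically). The following is an added example, not code from the advisory or the plugin: it compares an installed version against the fixed release 1.18.11 numerically and reads the version from a plugin's main-file header comment, using a constructed sample header.

```python
import re
from typing import Optional, Tuple

FIXED_VERSION = "1.18.11"  # first patched release named in the advisory

# Constructed sample of a WordPress plugin header comment (not the real plugin file).
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: HTTP Headers
Description: constructed sample header for illustration only
Version: 1.18.9
*/
"""

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.18.9' into (1, 18, 9) so the comparison is numeric, not lexical.
    Lexical comparison would wrongly rank '1.18.9' above '1.18.11'."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break  # stop at a non-numeric suffix such as 'beta'
        parts.append(int(m.group()))
    return tuple(parts)

def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def header_version(plugin_file_text: str) -> Optional[str]:
    """Read the 'Version:' line of a plugin header comment, as WordPress does."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", plugin_file_text, re.MULTILINE)
    return m.group(1) if m else None

def check_plugin(plugin_file_text: str) -> str:
    """Classify a plugin file as 'vulnerable', 'patched' or 'unknown'."""
    v = header_version(plugin_file_text)
    if v is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(v) else "patched"

if __name__ == "__main__":
    print(check_plugin(SAMPLE_PLUGIN_HEADER))  # vulnerable
```

The output of `wp plugin get http-headers --field=version` can be passed straight to `is_vulnerable()` to automate the check across many sites.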

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations in wp-content directory
  • HTTP POST requests to plugin admin endpoints with file write parameters
  • Unexpected PHP file creation in uploads or plugins directories

Network Indicators:

  • HTTP requests containing file write parameters to /wp-admin/admin-ajax.php or plugin-specific endpoints
  • Unusual outbound connections from WordPress server after exploitation

SIEM Query:

source="wordpress.log" AND ("http-headers" OR "admin-ajax.php") AND ("file" OR "write" OR "upload")
