PT-2026-34268 · WordPress · Http Headers

Daniel Basta · Published 2026-04-22 · Updated 2026-05-01 · CVE-2026-1379

CVSS v3.1

4.4 Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

HTTP Headers plugin for WordPress versions prior to 1.19.3

Description

Insufficient input sanitization and output escaping in the plugin's admin settings allow authenticated attackers with administrator-level permissions and above to perform Stored Cross-Site Scripting. This enables the injection of arbitrary web scripts into pages, which execute when a user accesses them. This issue specifically affects multi-site installations and environments where unfiltered_html has been disabled.

Recommendations

Update the plugin to a version later than 1.19.2.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-1379

Affected Products

Http Headers