Skip to main content

Gd Security Headers

2 CVEs product

Monthly

CVE-2026-57403 HIGH This Week

Reflected cross-site scripting in the GD Security Headers WordPress plugin (by Milan Petrovic, versions up to and including 1.8) lets remote attackers inject arbitrary JavaScript that executes in a victim's browser when they click a crafted link. The flaw stems from improper input neutralization during web page generation (CWE-79) and, per the CVSS scope-change metric, can affect resources beyond the vulnerable component. No public exploit code has been identified and it is not listed in CISA KEV, but disclosure by Patchstack makes the affected versions well documented.

XSS Gd Security Headers
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-40330 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gd Security Headers
NVD
CVSS 3.1
6.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the GD Security Headers WordPress plugin (by Milan Petrovic, versions up to and including 1.8) lets remote attackers inject arbitrary JavaScript that executes in a victim's browser when they click a crafted link. The flaw stems from improper input neutralization during web page generation (CWE-79) and, per the CVSS scope-change metric, can affect resources beyond the vulnerable component. No public exploit code has been identified and it is not listed in CISA KEV, but disclosure by Patchstack makes the affected versions well documented.

XSS Gd Security Headers
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gd Security Headers
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy