CVE-2023-37978: 
WordPress vulnerability analysis and mitigation

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the WordPress HTTP Headers plugin developed by Dimitar Ivanov, affecting versions up to 1.18.11. The vulnerability was reported on June 30, 2023, and was assigned CVE-2023-37978 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 4.9 (MEDIUM) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, while Patchstack assessed it with a score of 4.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-918 (Server-Side Request Forgery) (NVD).

The SSRF vulnerability could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker's choosing. This could potentially lead to the discovery of sensitive information from other services running on the system (Patchstack).

The vulnerability has been fixed in version 1.19.0 of the HTTP Headers plugin. Users are advised to update to version 1.19.0 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).