Title: XSS Issue reported by PatchStack
Last modified: April 22, 2026

---

# XSS Issue reported by PatchStack

 *  Resolved [dooza](https://wordpress.org/support/users/dooza/)
 * (@dooza)
 * [3 weeks, 1 day ago](https://wordpress.org/support/topic/xss-issue-reported-by-patchstack/)
 * Hi there,
   I assume this has been reported by PatchStack to you already, which is
   why the plugin is under investigation.
 * [https://patchstack.com/database/wordpress/plugin/http-headers/vulnerability/wordpress-http-headers-plugin-1-19-2-authenticated-administrator-stored-cross-site-scripting-vulnerability](https://patchstack.com/database/wordpress/plugin/http-headers/vulnerability/wordpress-http-headers-plugin-1-19-2-authenticated-administrator-stored-cross-site-scripting-vulnerability)
 * [https://www.cve.org/CVERecord?id=CVE-2026-1379](https://www.cve.org/CVERecord?id=CVE-2026-1379)
 * It appears to be Admins or above who can take advantage of this vulnerability
   but it would be great to know if it’s being fixed, otherwise we need to look 
   for an alternative plugin.


 *  Plugin Author [Dimitar Ivanov](https://wordpress.org/support/users/zinoui/)
 * (@zinoui)
 * [2 weeks, 3 days ago](https://wordpress.org/support/topic/xss-issue-reported-by-patchstack/#post-18891720)
 * [@dooza](https://wordpress.org/support/users/dooza/) thank you for this bug report.
   
   I’ve just released a new version that addresses the issue.

 * 1 reply
 * 2 participants
 * Last reply from: [Dimitar Ivanov](https://wordpress.org/support/users/zinoui/)
 * Last activity: [2 weeks, 3 days ago](https://wordpress.org/support/topic/xss-issue-reported-by-patchstack/#post-18891720)
 * Status: resolved