VYPR

Htaccess

by WordPress

CVEs (2)

  • CVE-2020-8658HigFeb 6, 2020
    risk 0.58cvss 8.8epss 0.10

    The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of…

  • CVE-2017-18496MedAug 13, 2019
    risk 0.40cvss 6.1epss 0.01

    The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.