Skip to main content

Htaccess

3 CVEs product

Monthly

CVE-2020-8658 HIGH POC This Week

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF PHP Htaccess
NVD GitHub
CVSS 3.1
8.8
EPSS
9.9%
CVE-2017-2171 MEDIUM This Month

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Captcha Car Rental Contact Form +48
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-3349 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Htaccess
NVD
CVSS 2.0
6.8
EPSS
0.1%
EPSS 10% CVSS 8.8
HIGH POC This Week

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF PHP +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Captcha +50
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Htaccess
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy