2 matches found
CVE-2023-5311 WP EXtra <= 6.2 - Missing Authorization to .htaccess File Modification
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the...
CVE-2023-5311
CVE-2023-5311 concerns the WP EXtra WordPress plugin. A missing capability check in the register() function in versions up to 6.2 allows authenticated users with subscriber-level permissions or higher to modify .htaccess in site root, /wp-content, or /wp-includes and can lead to remote code execu...