14 matches found
CVE-2026-2717
The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via insert_with_markers. This makes it possible for...
CVE-2026-2717
The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via insert_with_markers. This makes it possible for...
PT-2026-34272
Name of the Vulnerable Software and Affected Versions: HTTP Headers plugin for WordPress versions prior to 1.19.3 Description: Insufficient sanitization of custom header name and value fields before they are written to the Apache .htaccess file via the insert with markers function allows...
EUVD-2009-0754
Malware in sbrugna...
EUVD-2017-9521
Malware in sbrugna...
EUVD-2020-29506
Malware in sbrugna...
CVE-2023-5311
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the...
WordPress Plugin WP Extra Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-32031 · WordPress · Wp Extra
Name of the Vulnerable Software and Affected Versions: WP EXtra plugin for WordPress versions up to, and including, 6.2 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify the contents of the .htaccess files located in a site's root director...
Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)
The plugin does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion. The PoC varies based on the endpoint targeted. Here is one example that will modify the...
Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)
The plugin does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion. PoC: The PoC varies based on the endpoint targeted. Here is one example that will modify the...
CVE-2017-18405
CVE-2017-18405 affects cPanel before 68.0.15. The issue arises from the backup .htaccess modification logic (SEC-345) and enables arbitrary file-read operations. The vulnerability is locally exploitable with no user interaction required, and could lead to exposure of restricted files (confidentia...
CVE-2002-0919
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page...
EUVD-2002-0910
CGIScript.net csPassword.cgi allows remote authenticated users to modify the .htaccess file and gain privileges via newlines in the title field of the edit page...