CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2026/01/09 10:33 a.m.•7 views

CVE-2017-18496

The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.00104EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-29506

Malware in sbrugna...

8.8CVSS8.5AI score0.02152EPSS

Exploits2References4

RedhatCVE•added 2025/05/22 5:13 p.m.•12 views

CVE-2020-8658

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this...

8.8CVSS7AI score0.02152EPSS

Exploits2References1

OSV•added 2020/02/06 3:15 a.m.•2 views

CVE-2020-8658

The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...

8.8CVSS7.3AI score0.02152EPSS

Exploits2References3

Prion•added 2020/02/06 3:15 a.m.•13 views

Cross site request forgery (csrf)

6.8CVSS8.6AI score0.02152EPSS

Exploits2References3Affected Software1

CVE•added 2020/02/06 2:19 a.m.•135 views

CVE-2020-8658

The CVE concerns WordPress plugin BestWebSoft Htaccess (

8.8CVSS8.6AI score0.02152EPSS

Exploits2References3Affected Software1

Patchstack•added 2020/02/01 12:0 a.m.•14 views

WordPress Htaccess by BestWebSoft plugin <= 1.8.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by V1n1v131r4 in WordPress Htaccess by BestWebSoft plugin versions = 1.8.1. Solution Update the WordPress Htaccess by BestWebSoft plugin to the latest available version at least 1.8.2...

2.2AI score0.02152EPSS

Exploits2References3Affected Software1

CNVD•added 2019/10/12 12:0 a.m.•1 views

WordPress htaccess plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. htaccess is an access control plugin used in it. A cross-site scripting vulnerability exists in the WordPress htaccess plugin versions...

6.1CVSS6.2AI score0.00104EPSS

Exploits1References1

NVD•added 2019/08/13 5:15 p.m.•11 views

CVE-2017-18496

The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues...

6.1CVSS6.1AI score0.00104EPSS

Exploits1References1

OSV•added 2019/08/13 5:15 p.m.•2 views

CVE-2017-18496

The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues...

6.1CVSS5.8AI score0.00104EPSS

Exploits1References1

Prion•added 2019/08/13 5:15 p.m.•13 views

Cross site scripting

The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues...

4.3CVSS6AI score0.00104EPSS

Exploits1References1Affected Software1

Cvelist•added 2019/08/13 4:39 p.m.•10 views

CVE-2017-18496

The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues...

6.1AI score0.00104EPSS

Exploits1References1

CVE•added 2019/08/13 4:39 p.m.•70 views

CVE-2017-18496

Summary for CVE-2017-18496 : The WordPress htaccess plugin from BestWebSoft, prior to version 1.7.6, contains multiple Cross‑Site Scripting (XSS) flaws. Technical details across sources indicate the vulnerability resides in the htaccess plugin’s handling of user-supplied data, enabling an authent...

6.1CVSS6AI score0.00104EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by