5 matches found
CVE-2023-47825
CVE-2023-47825 affects WordPress WP EXtra plugin, version
CVE-2023-5314
WP EXtra plugin for WordPress (any version ≤ 6.2) is affected by a missing capability check in the test-email portion of the register() function, allowing authenticated users with minimal privileges (e.g., subscriber) to send emails with arbitrary content via the site’s mail server. CVSS v3.1 bas...
CVE-2023-46212
CVE-2023-46212 affects the WordPress plugin WP EXtra (
CVE-2023-5311
CVE-2023-5311 concerns the WP EXtra WordPress plugin. A missing capability check in the register() function in versions up to 6.2 allows authenticated users with subscriber-level permissions or higher to modify .htaccess in site root, /wp-content, or /wp-includes and can lead to remote code execu...
CVE-2023-46623
CVE-2023-46623 affects the WordPress WP EXtra plugin (versions ≤ 6.2). The vulnerability is described as a remote code execution (RCE) due to improper control of code generation, reportedly exploitable via htaccess modifications. A fix is available in version 6.3. Reported CVSS scores indicate hi...