AI Score
Confidence
Low
EPSS
Percentile
55.0%
Description The plugin is missing capability checks on the register function, allowing authenticated users, with roles as low as subscriber, to modify the contents of the site’s .htaccess files, leading to potential remote code execution.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-extra/wp-extra-62-missing-authorization-to-htaccess-file-modification