CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49256 – WordPress Htaccess File Editor plugin <= 1.0.18 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-49256
Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Htaccess File Editor: from n/a through 1.0.18. Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18. The Htaccess File Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in the class-htaccess-file-editor-ebwp-notice.php file in versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions. • https://patchstack.com/database/vulnerability/htaccess-file-editor/wordpress-htaccess-file-editor-plugin-1-0-18-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •