CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22773 – WordPress Htaccess File Editor <= 1.0.19 - Broken Authentication vulnerability
https://notcve.org/view.php?id=CVE-2025-22773
14 Jan 2025 — Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Htaccess File Editor: from n/a through 1.0.19. The Htaccess File Editor – Easily Edit, Backup, Restore .htaccess file plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.19 via the location of .htaccess file backups. This makes it possi... • https://patchstack.com/database/wordpress/plugin/htaccess-file-editor/vulnerability/wordpress-htaccess-file-editor-1-0-19-broken-authentication-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49256 – WordPress Htaccess File Editor plugin <= 1.0.18 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-49256
14 Oct 2024 — Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Htaccess File Editor: from n/a through 1.0.18. Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18. The Htaccess File Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability ... • https://patchstack.com/database/vulnerability/htaccess-file-editor/wordpress-htaccess-file-editor-plugin-1-0-18-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •