Stored Cross-Site Scripting Vulnerability in WP htaccess Control Plugin
CVE-2023-25462

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: WP Htaccess Control
Vendor: CVE Published:; 30 August 2023

Summary

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the WP htaccess Control plugin for WordPress, affecting versions up to 3.5.1. This vulnerability allows authenticated users with administrative privileges to inject malicious scripts into the application, which can later be executed by other users visiting the compromised site. Exploiting this vulnerability poses significant risks, as it can lead to unauthorized actions, data leakage, and further attacks on the web application and its users.

Affected Version(s)

WP htaccess Control <= 3.5.1

References

https://patchstack.com/database/vulnerability/wp-htaccess...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 30, 2023