WordPress Plugin Vulnerabilities

Htaccess by BestWebSoft < 1.8.2 - CSRF to edit .htaccess

Description

The Htaccess by BestWebSoft WordPress plugin was affected by a CSRF to edit .htaccess security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
htaccess
Fixed in 1.8.2

References

CVE
CVE-2020-8658
URL
https://github.com/V1n1v131r4/Exploiting-WP-Htaccess-by-BestWebSoft-Plugin/blob/master/README.md

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Original Researcher
V1n1v131r4
Verified
Yes
WPVDB ID
77165939-b599-47d0-877b-a739a8e0fc49

Timeline

Publicly Published
2020-02-01 (about 6 years ago)
Added
2020-02-06 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-09
Title
WP Performance Pack <= 2.5.4 - Cross-Site Request Forgery
Published
2025-09-05
Title
MSTW League Manager <= 2.10 - Cross-Site Request Forgery
Published
2025-04-24
Title
Availability Calendar <= 0.2.4 - Cross-Site Request Forgery
Published
2023-09-13
Title
10Web Map Builder for Google Maps < 1.0.74 - Cross-Site Request Forgery to Notice Dismissal
Published
2025-06-27
Title
Slickstream < 3.0.0 - Cross-Site Request Forgery