The WP EXtra plugin for WordPress is vulnerable to unauthorized changes. This means that people who are logged in, with lower level permissions, can alter the contents of the .htaccess files located in the root directory of the website, or in the /wp-content and /wp-includes folders. This could lead to remote code execution. Versions of the plugin up to 6.2 are affected.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
