What is the severity of CVE-2025-22773?

CVE-2025-22773 is rated as a medium-severity vulnerability due to its potential for exposing sensitive information.

How do I fix CVE-2025-22773?

To fix CVE-2025-22773, you should update the WPChill Htaccess File Editor plugin to a version later than 1.0.19.

What systems are affected by CVE-2025-22773?

CVE-2025-22773 affects WPChill Htaccess File Editor and WordPress Htaccess File Editor versions up to 1.0.19.

Who is the vendor for the software affected by CVE-2025-22773?

The vendor for the affected software related to CVE-2025-22773 is WPChill.

Vulnerability/
CVE-2025-22773

medium

5.3

CWE

538

EPSS

0.043%

15/1/2025

CVE-2025-22773: WordPress Htaccess File Editor <= 1.0.19 - Broken Authentication vulnerability

Q: What kind of issues does CVE-2025-22773 introduce?

CVE-2025-22773 allows exploitation of incorrectly configured access control security levels, leading to sensitive information exposure.

First published: Wed Jan 15 2025(Updated: )

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Htaccess File Editor: from n/a through 1.0.19.

Credit: audit@patchstack.com

Affected Software	Affected Version	How to fix
WPChill Htaccess File Editor	<=1.0.19
WordPress Htaccess File Editor	<=1.0.19

Remedy

Update the WordPress Htaccess File Editor wordpress plugin to the latest available version (at least 1.0.20).

Never miss a vulnerability like this again

Reference Links

https://patchstack.com/database/wordpress/plugin/htaccess-file-editor/vulnerability/wordpress-htaccess-file-editor-1-0-19-broken-authentication-vulnerability?_s_id=cve

Frequently Asked Questions

What is the severity of CVE-2025-22773?
CVE-2025-22773 is rated as a medium-severity vulnerability due to its potential for exposing sensitive information.
How do I fix CVE-2025-22773?
To fix CVE-2025-22773, you should update the WPChill Htaccess File Editor plugin to a version later than 1.0.19.
What systems are affected by CVE-2025-22773?
CVE-2025-22773 affects WPChill Htaccess File Editor and WordPress Htaccess File Editor versions up to 1.0.19.
What kind of issues does CVE-2025-22773 introduce?
CVE-2025-22773 allows exploitation of incorrectly configured access control security levels, leading to sensitive information exposure.
Who is the vendor for the software affected by CVE-2025-22773?
The vendor for the affected software related to CVE-2025-22773 is WPChill.

agent/remedy
agent/title
agent/weakness
agent/references
agent/first-publish-date
agent/type
agent/description
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/event
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/epss
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/wpchill
canonical/wpchill htaccess file editor
vendor/wordpress
canonical/wordpress htaccess file editor

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.