Description
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Possible Remote Code Execution (3.5.0)
WordPress Plugin Tags Cloud Manager Cross-Site Scripting (1.0.0)
Jenkins Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2020-2105)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.38)
ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9456)