Description
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Remediation
References
Related Vulnerabilities
WordPress Plugin BuddyPress PHP Object Injection (2.0.2)
WordPress Plugin One User Avatar-User Profile Picture Unspecified Vulnerability (2.3.8)
Oracle Database Server CVE-2010-0903 Vulnerability (CVE-2010-0903)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (5.3.4)
WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.11)