Medium severity6.5NVD Advisory· Published Oct 13, 2025· Updated Apr 15, 2026
CVE-2025-10720
CVE-2025-10720
Description
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=3.6.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.