Medium severity5.4NVD Advisory· Published Apr 25, 2025· Updated Apr 15, 2026
CVE-2025-3861
CVE-2025-3861
Description
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pda_lite_custom_permission_check' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=2.8.6,<=2.8.8.2+ 1 more
- (no CPE)range: >=2.8.6,<=2.8.8.2
- (no CPE)range: >=2.8.6, <=2.8.8.2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.