Medium severity5.3NVD Advisory· Published Apr 25, 2025· Updated Apr 15, 2026
CVE-2025-3923
CVE-2025-3923
Description
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated attackers to extract sensitive data including files protected by the plugin if the attacker can determine the file name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.8.8
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.