Password Protected
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0656 | Med | 0.29 | 4.4 | 0.00 | Feb 29, 2024 | The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization… | ||
| CVE-2024-0437 | Med | 0.28 | 4.3 | 0.00 | May 15, 2024 | The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with… | ||
| CVE-2025-11244 | Low | 0.24 | 3.7 | 0.00 | Oct 25, 2025 | The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers (such as X-Forwarded-For, HTTP_CLIENT_IP, and similar… | ||
| CVE-2023-32580 | 0.00 | — | 0.00 | Jun 23, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions. |
- risk 0.29cvss 4.4epss 0.00
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization…
- risk 0.28cvss 4.3epss 0.00
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with…
- risk 0.24cvss 3.7epss 0.00
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers (such as X-Forwarded-For, HTTP_CLIENT_IP, and similar…
- CVE-2023-32580Jun 23, 2023risk 0.00cvss —epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions.