VYPR

Wp Private Content Plus

by WordPress

Source repositories

CVEs (6)

  • CVE-2019-15816HigAug 30, 2019
    risk 0.49cvss 7.5epss 0.02

    The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.

  • CVE-2025-10720MedOct 13, 2025
    risk 0.42cvss 6.5epss 0.00

    The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass…

  • CVE-2025-4390MedAug 12, 2025
    risk 0.34cvss 5.3epss 0.00

    The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the…

  • CVE-2024-11292MedDec 6, 2024
    risk 0.34cvss 5.3epss 0.00

    The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have…

  • CVE-2024-0680MedFeb 28, 2024
    risk 0.34cvss 5.3epss 0.01

    The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for…

  • CVE-2021-4385MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.00

    The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new…