VYPR

Private Content

by WordPress

Source repositories

CVEs (6)

  • CVE-2025-26966CriFeb 25, 2025
    risk 0.64cvss 9.8epss 0.01

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.5.

  • CVE-2025-26976HigMar 15, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through <= 8.11.4.

  • CVE-2025-26969HigMar 15, 2025
    risk 0.54cvss 8.3epss 0.00

    Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

  • CVE-2025-26972HigMar 15, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

  • CVE-2024-13248MedJan 9, 2025
    risk 0.36cvss 5.5epss 0.00

    Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0.

  • CVE-2026-2281MedFeb 18, 2026
    risk 0.22cvss 4.4epss 0.00

    The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it…