CVE-2025-10720
WP Private Content Plus <= 3.6.2 - Password Protection Bypass
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Productos afectados
Unknown · WP Private Content Plus¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →