cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for content-protector

Feb 27, 2026

Passster – Password Protect Pages and Content # CVE-2026-25036

CVE, Research URL

CVE-2026-25036

Date
Feb 03, 2026
Research Description
Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Passster: from n/a through <= 4.2.25.
Affected versions
max 4.2.25.
Status
vulnerable

Passster – Password Protect Pages and Content # CVE-2025-14865

CVE, Research URL

CVE-2025-14865

Date
Jan 28, 2026
Research Description
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_protector' shortcode in all versions up to, and including, 4.2.24. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 4.2.21.
Affected versions
max 4.2.25.
Status
vulnerable
Jan 10, 2026

Passster – Password Protect Pages and Content # CVE-2025-64218

CVE, Research URL

CVE-2025-64218

Date
Dec 18, 2025
Research Description
Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data. This issue affects Passster: from n/a through <= 4.2.19.
Affected versions
max 4.2.19.
Status
vulnerable
Jan 08, 2025

Passster – Password Protect Pages and Content # CVE-2024-11282

CVE, Research URL

CVE-2024-11282

Date
Jan 07, 2025
Research Description
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Affected versions
max 4.2.11.
Status
vulnerable
Nov 15, 2024

Passster – Password Protect Pages and Content # CVE-2022-4974

CVE, Research URL

CVE-2022-4974

Date
Oct 16, 2024
Research Description
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions
max 3.5.5.2.
Status
vulnerable
Jun 07, 2024

Passster – Password Protect Pages and Content # bfdd54390f6c678c900a611cd5bef14a09d074cd

Date
Feb 28, 2022
Research Description
Passster – Password Protect Pages and Content [content-protector] < 3.5.5.2: Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Passster – Password Protection plugin (versions <= 3.5.5.1).
Affected versions
max 3.5.5.2.
Status
vulnerable

Passster – Password Protect Pages and Content # CVE-2021-24881

CVE, Research URL

CVE-2021-24881

Date
Jan 23, 2023
Research Description
The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.
Affected versions
max 3.5.5.9.
Status
vulnerable

Passster – Password Protect Pages and Content # CVE-2024-2026

CVE, Research URL

CVE-2024-2026

Date
Apr 10, 2024
Research Description
The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 4.2.6.5.
Status
vulnerable

Passster – Password Protect Pages and Content # CVE-2024-0616

CVE, Research URL

CVE-2024-0616

Date
Feb 29, 2024
Research Description
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.
Affected versions
max 4.2.6.3.
Status
vulnerable

Passster – Password Protect Pages and Content # CVE-2022-3206

CVE, Research URL

CVE-2022-3206

Date
Oct 17, 2022
Research Description
The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.
Affected versions
max 3.5.5.2.
Status
vulnerable

Passster – Password Protect Pages and Content # CVE-2021-24837

CVE, Research URL

CVE-2021-24837

Date
Jan 23, 2023
Research Description
The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Affected versions
max 3.5.5.9.
Status
vulnerable