Vulnerabilities and security researches forprotect-wp-admin protect-wp-admin

Jun 06, 2024

CVE, Research URL: CVE-2023-3139
Home page URL: Security reports for Protect WP Admin
Application: Protect WP Admin
Date: Jul 04, 2023
Research Description: The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
Affected versions: max 4.0.
Status: vulnerable

CVE, Research URL: CVE-2021-24906
Home page URL: Security reports for Protect WP Admin
Application: Protect WP Admin
Date: Jan 24, 2022
Research Description: The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request
Affected versions: max 3.8.
Status: vulnerable

Jan 10, 2026

CVE, Research URL: CVE-2025-64249
Home page URL: Security reports for Protect WP Admin
Application: Protect WP Admin
Date: Dec 16, 2025
Research Description: Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protect WP Admin: from n/a through <= 4.1.
Affected versions: max 4.1.
Status: vulnerable