Vulnerabilities and security researches forwp-private-content-plus wp-private-content-plus

Jun 10, 2024

CVE, Research URL: CVE-2021-4385
Home page URL: Security reports for WP Private Content Plus
Application: WP Private Content Plus
Date: Jul 01, 2023
Research Description: The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-0680
Home page URL: Security reports for WP Private Content Plus
Application: WP Private Content Plus
Date: Feb 28, 2024
Research Description: The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2019-15816
Home page URL: Security reports for WP Private Content Plus
Application: WP Private Content Plus
Date: Aug 30, 2019
Research Description: The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: -
Home page URL: Security reports for WP Private Content Plus
Application: WP Private Content Plus
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: Min -, max -.
Status: vulnerable

Dec 07, 2024

CVE, Research URL: CVE-2024-11292
Home page URL: Security reports for WP Private Content Plus
Application: WP Private Content Plus
Date: Dec 06, 2024
Research Description: The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
Affected versions: Min -, max -.
Status: vulnerable

Aug 12, 2025

CVE, Research URL: CVE-2025-4390
Home page URL: Security reports for WP Private Content Plus
Application: WP Private Content Plus
Date: Aug 12, 2025
Research Description: The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of resticted posts on archive and feed pages.
Affected versions: Min -, max -.
Status: vulnerable