Vulnerabilities and security researches forzip-code-based-content-protection zip-code-based-content-protection

Mar 29, 2026

CVE, Research URL: CVE-2025-14353
Home page URL: Security reports for ZIP Code Based Content Protection
Application: ZIP Code Based Content Protection
Date: Mar 07, 2026
Research Description: The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 1.0.2.
Status: vulnerable

Sep 10, 2025

CVE, Research URL: CVE-2025-59008
Home page URL: Security reports for ZIP Code Based Content Protection
Application: ZIP Code Based Content Protection
Date: Sep 09, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PressTigers ZIP Code Based Content Protection allows SQL Injection. This issue affects ZIP Code Based Content Protection: from n/a through 1.0.0.
Affected versions: max 1.0.0.
Status: vulnerable