cleantalk
Vulnerabilities and Security Researches

Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease, CVE-2025-3453

CVE, Research URL

CVE-2025-3453

Home page URL

Security reports for Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease

Application

Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease

Published on
Apr 17, 2025
Research Description
The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.7 via the 'password_protected_cookie' function. This makes it possible for unauthenticated attackers to extract sensitive data including all protected site content if the 'Use Transient' setting is enabled.
Affected versions
Min -, max 2.7.8.
Status
vulnerable
Previous vulnerability researches
JS Job Manager (CVE-2025-32627) , Apr 14, 2025
JS Job Manager (CVE-2025-31868) , Apr 03, 2025
JS Job Manager (CVE-2023-28689) , Jun 10, 2024
JS Job Manager (CVE-2025-31867) , Apr 03, 2025
JS Job Manager (CVE-2018-20974) , Jun 06, 2024
New vulnerability
Cost Calculator Builder (CVE-2025-39587) , Apr 19, 2025
Klarna Checkout for WooCommerce (CVE-2024-13925) , Apr 19, 2025
WordPress Button Plugin MaxButtons (CVE-2025-39444) , Apr 19, 2025
Course Booking System (CVE-2025-32508) , Apr 19, 2025
Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Wo (CVE-2025-39588) , Apr 19, 2025