cleantalk
Vulnerabilities and Security Researches

WP Private Content Plus, CVE-2025-10720

CVE, Research URL

CVE-2025-10720

Home page URL

Security reports for WP Private Content Plus

Application

WP Private Content Plus

Published on
Oct 13, 2025
Research Description
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.
Affected versions
max 3.6.2.
Status
vulnerable
Previous vulnerability researches
Sendle Shipping Plugin (CVE-2025-60139) , Oct 11, 2025
Sendle Shipping Plugin (CVE-2023-45761) , Jun 07, 2024
Sendle Shipping Plugin (CVE-2025-62976) , Nov 10, 2025
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates & Open Badges – Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu – PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025