cleantalk
Vulnerabilities and Security Researches

Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease, CVE-2024-0656

CVE, Research URL

CVE-2024-0656

Home page URL

Security reports for Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease

Application

Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease

Published on
Feb 29, 2024
Research Description
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 2.6.7.
Status
vulnerable
Previous vulnerability researches
Wp Edit Password Protected – Create Member/User Only Page & Design Password Protected Form (1e0884ac1bf0d8c5dc23bd874438b262b36ec45f) , Jun 06, 2024
Password Protected Store for WooCommerce (CVE-2024-1088) , Jun 07, 2024
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (4219069bbfaf3f7e65d60199dca25fc1f1f2ec0f) , Jun 07, 2024
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2023-32580) , Jun 07, 2024
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2024-0656) , Jun 07, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025