cleantalk
Vulnerabilities and Security Researches

Protect WP Admin, CVE-2021-24906

CVE, Research URL

CVE-2021-24906

Home page URL

Security reports for Protect WP Admin

Application

Protect WP Admin

Published on
Jan 24, 2022
Research Description
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request
Affected versions
max 3.8.
Status
vulnerable
Previous vulnerability researches
Protect WP Admin (CVE-2023-3139) , Jun 06, 2024
Protect WP Admin (CVE-2021-24906) , Jun 06, 2024
Protect WP Admin (CVE-2025-64249) , Jan 10, 2026
New vulnerability
Pure WC Variation Swatches (CVE-2025-12820) , Jan 11, 2026
WP Scraper (CVE-2025-62088) , Jan 11, 2026
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-68596) , Jan 11, 2026
Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic (CVE-2025-69093) , Jan 11, 2026
SALESmanago (CVE-2025-68571) , Jan 11, 2026