cleantalk
Vulnerabilities and Security Researches

Prevent Direct Access – Protect WordPress Files, CVE-2025-3861

CVE, Research URL

CVE-2025-3861

Home page URL

Security reports for Prevent Direct Access – Protect WordPress Files

Application

Prevent Direct Access – Protect WordPress Files

Published on
Apr 25, 2025
Research Description
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pda_lite_custom_permission_check' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.
Affected versions
Min 2.8.6, max 2.8.8.2.
Status
vulnerable
Previous vulnerability researches
Unsafe Mimetypes (CVE-2025-46507) , Apr 26, 2025
New vulnerability
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress (CVE-2025-2801) , Apr 27, 2025
Integração entre Eduzz e Woocommerce (CVE-2025-3906) , Apr 27, 2025
Xelion Webchat (CVE-2025-3058) , Apr 27, 2025
Breeze Display (CVE-2025-3749) , Apr 27, 2025
Add Google +1 (Plus one) social share Button (CVE-2025-3866) , Apr 27, 2025