WordPress Plugin Vulnerabilities

PrivateContent < 8.4.4 - Brute Force Protection Bypass

Description

The plugin checks whether an IP is blocked or not via client-side validation, allowing attackers to bypass such protection via crafted requests.

Affects Plugins

Plugin icon
private-content
Fixed in 8.4.4

References

CVE
CVE-2023-0581

Miscellaneous

Original Researcher
Riccardo Granata
Verified
No
WPVDB ID
2e781064-0d7f-4e86-8b96-c8229effb989

Timeline

Publicly Published
2023-01-30 (about 3 years ago)
Added
2023-01-30 (about 3 years ago)
Last Updated
2023-01-30 (about 3 years ago)

Other

Published
Title
Published
2022-05-30
Title
WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing
Published
2024-05-28
Title
Swiss Toolkit For WP < 1.0.8 - Contributor+ Authentication Bypass
Published
2019-03-26
Title
Nested Pages <= 3.0.7 - Post Edit Bypass
Published
2015-04-05
Title
WordPress Video Gallery <= 2.8 - Unprotected Mail Page
Published
2016-11-10
Title
W3 Total Cache < 0.9.5 - Weak Validation of Amazon SNS Push Messages