WordPress Plugin Vulnerabilities

PPWP – Password Protect Pages < 1.9.0 - Protection Mechanism Bypass

Description

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts.

Affects Plugins

Plugin icon
password-protect-page
Fixed in 1.9.0

References

CVE
CVE-2024-0620
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
402ea58d-8493-4503-9c28-1fdac87739c2

Timeline

Publicly Published
2024-02-07 (about 2 years ago)
Added
2024-02-07 (about 2 years ago)
Last Updated
2024-02-07 (about 2 years ago)

Other

Published
Title
Published
2026-02-13
Title
StickEasy Protected Contact Form < 1.0.2 - Unauthenticated Information Disclosure
Published
2024-02-02
Title
Anonymous Restricted Content < 1.6.3 - Protection Mechanism Bypass
Published
2024-08-28
Title
Popup Builder < 4.3.7 - Sensitive Information Exposure via Imported Subscribers CSV File
Published
2025-01-06
Title
Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords <= 3.1 - Information Exposure
Published
2023-12-28
Title
404 Solution < 2.33.1 - Sensitive Information Exposure via Log File