Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total6
Critical0
High1
Medium5
Reset
Showing 1-6 of 6 records
Threat Entry Updated 2025-06-05

CVE-2024-11282 - Passster Plugin

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

PLUGIN Passster

CVE-2024-11282

MEDIUM CVSS 5.3 2025-01-07
Open Full Technical Breakdown
Threat Entry Updated 2025-05-06

CVE-2024-2026 - Passster Plugin

The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Passster

CVE-2024-2026

MEDIUM CVSS 6.4 2024-04-09
Open Full Technical Breakdown
Threat Entry Updated 2025-01-27

CVE-2024-0616 - Passster Plugin

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.

PLUGIN Passster

CVE-2024-0616

MEDIUM CVSS 5.3 2024-02-29
Open Full Technical Breakdown
Threat Entry Updated 2025-04-02

CVE-2021-24881 - Passster Plugin

The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.

PLUGIN Passster

CVE-2021-24881

HIGH CVSS 7.5 2023-01-23
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24837 - Passster Plugin

The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.

PLUGIN Passster

CVE-2021-24837

MEDIUM CVSS 5.4 2023-01-23
Open Full Technical Breakdown
Threat Entry Updated 2025-05-14

CVE-2022-3206 - Passster Plugin

The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.

PLUGIN Passster

CVE-2022-3206

MEDIUM CVSS 5.9 2022-10-17
Open Full Technical Breakdown
Scroll to top