Threat Entry Updated 2025-08-18

CVE-2025-5998 - Password Protect Pages Plugin

The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API.

PLUGIN Password Protect Pages

CVE-2025-5998

MEDIUM CVSS 6.5 2025-08-14

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-12-17

CVE-2024-11280 - Password Protect Pages Plugin

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

PLUGIN Password Protect Pages

CVE-2024-11280

MEDIUM CVSS 5.3 2024-12-17

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-01-27

CVE-2024-0620 - Password Protect Pages Plugin

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts.

PLUGIN Password Protect Pages

CVE-2024-0620

MEDIUM CVSS 5.3 2024-02-29

Risk Score

Open Full Technical Breakdown