Threat Entry Updated 2026-01-29

CVE-2025-14865 - Password Protect Pages And Content Plugin

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_protector' shortcode in all versions up to, and including, 4.2.24. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 4.2.21.

PLUGIN Password Protect Pages And Content

CVE-2025-14865

MEDIUM CVSS 6.4 2026-01-28

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-06-05

CVE-2024-11282 - Password Protect Pages And Content Plugin

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

PLUGIN Password Protect Pages And Content

CVE-2024-11282

MEDIUM CVSS 5.3 2025-01-07

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-01-27

CVE-2024-0616 - Password Protect Pages And Content Plugin

The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.

PLUGIN Password Protect Pages And Content

CVE-2024-0616

MEDIUM CVSS 5.3 2024-02-29

Risk Score

Open Full Technical Breakdown