CVE-2025-4390
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: Wordfence
Description
Description
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of resticted posts on archive and feed pages.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wp_private_content_plus | 3.6.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The WP Private Content Plus plugin for WordPress has a vulnerability in the 'validate_restrictions' function in all versions up to 3.6.2. This vulnerability allows unauthenticated attackers to access sensitive information by extracting the content of restricted posts on archive and feed pages.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive content that is meant to be restricted, potentially exposing private or confidential information to anyone without authentication.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70