CVE-2025-5998
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-18
Assigner: WPScan
Description
Description
The PPWP β Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| passwordprotectwp | password_protect_wordpress | to 1.9.11 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the PPWP β Password Protect Pages WordPress plugin before version 1.9.11 allows users with subscriber or greater roles to bypass the intended password protection and view site content via the REST API.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to protected site content by users who should not have permission, potentially exposing sensitive or restricted information.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70