Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Prevent Direct Access – Protect WordPress Files 2.8.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: April 24, 2025

A security issue has been found in the Prevent Direct Access – Protect WordPress Files plugin for WordPress. This affects all versions up to 2.8.8. The issue is caused by a lack of randomness in the generated file names, making it possible for attackers to access protected files if they can figure out the file name. This can be done without authentication, putting sensitive data at risk.

Detected in:

PDA – Prevent Direct Access | #1 WordPress File Protection Plugin fixed vulnerable versions:
PDA: Prevent Direct Access to Files, URLs & Folders; Create Private/Secure Links fixed vulnerable versions:
Prevent Direct Access – Protect WordPress Files fixed vulnerable versions: >= * <= 2.8.8

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.