Log out
Get PRO

Latest

Input validation vulnerability in Password Protected 2.6.2

  • Severity: medium-risk
  • Status: Fixed
  • Publication: June 13, 2023

The Password Protected plugin for WordPress is vulnerable to a security risk called “Stored Cross-Site Scripting”. This vulnerability affects versions of the plugin up to and including version 2.6.2. It is possible for someone with administrator-level access to inject malicious code into webpages, which will execute when a user visits those pages. The vulnerability only affects WordPress installations that are part of a multi-site network, or those that have disabled a feature called “unfiltered_html”.

Detected in:

Password Protected fixed vulnerable versions: >= * <= 2.6.2
Password Protected – Only Plugin You Need to Password Protect WordPress Site/WooCommerce fixed vulnerable versions:
Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products – Restrict Content, Protect WooCommerce Category, and more fixed vulnerable versions:
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease fixed vulnerable versions:
Password Protected – Ultimate Plugin to Protect WordPress Site, Pages & WooCommerce Store fixed vulnerable versions:
Password Protected – WordPress Plugin to Password Protect Site, Pages, & WooCommerce Store fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)

Wordpress Linkedin Github

Get Started

About

Popular articles