7 matches found
CVE-2025-3923
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generateuniquestring' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated...
CVE-2025-3861 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pdalitecustompermissioncheck' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated...
CVE-2025-3861 Prevent Direct Access 2.8.6 - 2.8.8.2 - Incorrect Authorization to Authenticated (Contributor+) Multiple Media Actions
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the 'pdalitecustompermissioncheck' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated...
CVE-2025-3861
CVE-2025-3861 affects the WordPress plugin Prevent Direct Access – Protect WordPress Files (versions 2.8.6–2.8.8.2). A misconfigured capability check in pda_lite_custom_permission_check allows authenticated users with Contributor+ privileges to access and modify the protection status of media. At...
WordPress plugin Prevent Direct Access 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
PT-2025-17883 · WordPress · Prevent Direct Access – Protect Wordpress Files
Name of the Vulnerable Software and Affected Versions: Prevent Direct Access – Protect WordPress Files plugin versions up to, and including, 2.8.8 Description: The issue allows unauthenticated attackers to extract sensitive data, including files protected by the plugin, due to insufficient...
WordPress plugin Prevent Direct Access 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...