70 matches found
CVE-2025-26969 WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerability
Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5...
CVE-2025-26972 WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5...
CVE-2025-26972 WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5...
CVE-2025-26969
CVE-2025-26969 concerns WordPress PrivateContent plugin (
CVE-2025-26976
CVE-2025-26976 is a SQL Injection vulnerability affecting WordPress PrivateContent plugin
WordPress plugin PrivateContent 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin PrivateContent SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress plugin PrivateContent 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-26966
Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through = 8.11.5...
CVE-2025-26966
Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through = 8.11.5...
CVE-2025-26966 WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through = 8.11.5...
CVE-2025-26966 WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent private-content.This issue affects PrivateContent: from n/a through = 8.11.5...
CVE-2025-26966
CVE-2025-26966 describes an unauthenticated authentication bypass in the WordPress plugin “PrivateContent” (private-content) up to version 8.11.5, enabling an account takeover via an alternate path/channel. The vulnerability is categorized with a critical impact (CVSS 3.1: 9.8) and is referenced ...
WordPress plugin PrivateContent 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-7871 · Aldo Latino · Privatecontent
Name of the Vulnerable Software and Affected Versions: Aldo Latino PrivateContent versions through 8.11.5 Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel. This allows unauthorized access, potentially compromising the security of the system...
WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability
Unauthenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin PrivateContent versions = 8.11.5...
WordPress PrivateContent plugin <= 8.11.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin PrivateContent versions = 8.11.4...
WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerability
Subscriber+ Site Wide Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin PrivateContent versions = 8.11.5...
WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin PrivateContent versions = 8.11.5...
WordPress PrivateContent Plugin <= 8.4.3 is vulnerable to Bypass Vulnerability
Software PrivateContent Type Plugin Vulnerable versions = 8.4.3 Fixed in 8.4.4 OWASP Top 10 A5: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-0581 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8c5077753b61 Credits Riccardo Granata Required...