3 matches found
WordPress PrivateContent Plugin <= 8.4.3 is vulnerable to Bypass Vulnerability
Software PrivateContent Type Plugin Vulnerable versions = 8.4.3 Fixed in 8.4.4 OWASP Top 10 A5: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-0581 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8c5077753b61 Credits Riccardo Granata Required...
CVE-2023-0581
The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...
CVE-2023-0581
CVE-2023-0581 affects the PrivateContent WordPress plugin (up to version 8.4.3). Root cause: login protection relies on client-side validation to determine blocklisted IPs, allowing unauthenticated bypass of login restrictions. Impact is the potential to brute-force login bypass. Mitigation: upda...