CVE-2026-4025

CVE-2026-4025 affects the PrivateContent Free WordPress plugin (pre-1.2.0). The flaw is a Stored XSS in the [pc-login-form] shortcode via the align attribute, caused by insufficient sanitization and lack of escaping when the attribute flows from the shortcode to pc_static::form_align() and is con...

CVE-2026-4025

The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the pc-login-form shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute...

WordPress plugin PrivateContent Free 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2023-12621

Malicious code in bioql PyPI...

CVE-2025-26969 WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerability

Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5...

CVE-2025-26972 WordPress PrivateContent plugin <= 8.11.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5...

WordPress plugin PrivateContent SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress plugin PrivateContent 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-26966

CVE-2025-26966 describes an unauthenticated authentication bypass in the WordPress plugin “PrivateContent” (private-content) up to version 8.11.5, enabling an account takeover via an alternate path/channel. The vulnerability is categorized with a critical impact (CVSS 3.1: 9.8) and is referenced ...

WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin PrivateContent versions = 8.11.5...

WordPress PrivateContent plugin <= 8.11.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin PrivateContent versions = 8.11.4...

WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerability

Subscriber+ Site Wide Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin PrivateContent versions = 8.11.5...

WordPress PrivateContent Plugin <= 8.4.3 is vulnerable to Bypass Vulnerability

Software PrivateContent Type Plugin Vulnerable versions = 8.4.3 Fixed in 8.4.4 OWASP Top 10 A5: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-0581 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 8c5077753b61 Credits Riccardo Granata Required...

CVE-2023-0581

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

CVE-2023-0581

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

Design/Logic Flaw

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

CVE-2023-0581 PrivateContent <= 8.4.3 - Protection Mechanism Bypass

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it...

WordPress plugin PrivateContent 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...