4 matches found
CVE-2025-11244
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTP_CLIENT_IP, and similar headers to determine user IP...
CVE-2025-11244
CVE-2025-11244 affects the WordPress Password Protected plugin (versions ≤ 2.7.11). The vulnerability arises because the plugin trusts client-controlled HTTP headers (e.g., X-Forwarded-For, HTTP_CLIENT_IP) in pp_get_ip_address() when the "Use transients" option is enabled, enabling an unauthenticated...
EUVD-2025-35905
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTP_CLIENT_IP, and similar headers to determine user IP...
CVE-2025-11244 Password Protected <= 2.7.11 - Unauthenticated Authorization Bypass via IP Address Spoofing
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address spoofing in all versions up to, and including, 2.7.11. This is due to the plugin trusting client-controlled HTTP headers such as X-Forwarded-For, HTTP_CLIENT_IP, and similar headers to determine user IP...