CVE-2024-0437 MEDIUM

CVE-2024-0437: Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease <= 2.6.6 - Missing Authorization to Sensitive Information Exposure

Vendor Saadiqbal
Product Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content
Weakness CWE-284
Published May 14, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or higher, to extract post titles and content, thus bypassing the plugin's password protection.

Key dates

02Disclosure timeline

May 14, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-34233 CtrlPanel has Missing Authentication Checks in Datatable Admin Endpoints CVE-2022-0270 Improper header sanitization in bored-agent causes escalation of privilege CVE-2021-28511 This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches t ... CVE-2024-21848 Users maintain access to active call after being removed from a channel CVE-2024-45118 Adobe Commerce | Improper Access Control (CWE-284)