What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through <= 4.2.19.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through <= 4.2.19.
Explanation of Vulnerability in Simple Terms
Passster versions up to 4.2.19 expose sensitive information due to improper access controls. An unauthenticated attacker can read protected content without authorization by sending a network request. This affects any site using Passster to gate or protect content. Update to a version newer than 4.2.19 to resolve the issue.
What an attacker can do
Read protected or gated content without entering the correct password or meeting access requirements.
Potential impact on your site
Visitors can bypass password protection and access restricted content intended only for authorized users.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources