CVE-2025-64218 HIGH

CVE-2025-64218: WordPress Passster plugin <= 4.2.19 - Sensitive Data Exposure vulnerability

Vendor: Wp Chill
Product: Passster
Weakness: CWE-201
Published: December 18, 2025
Last update: April 29, 2026

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data. This issue affects Passster: from n/a through <= 4.2.19.

Explanation of Vulnerability in Simple Terms

02 Summary

Passster versions up to 4.2.19 expose sensitive information due to improper access controls. An unauthenticated attacker can read protected content without authorization by sending a network request. This affects any site using Passster to gate or protect content. Update to a version newer than 4.2.19 to resolve the issue.

What an attacker can do

03 Attacker Capabilities

Read protected or gated content without entering the correct password or meeting access requirements.

Potential impact on your site

04 Site Impact

Visitors can bypass password protection and access restricted content intended only for authorized users.

Conditions required to exploit

05 Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06 Disclosure timeline

December 18, 2025: CVE published
April 29, 2026: Record updated