Report incident

Security Alerts

Vulnerability Alert - Plugin WordPress WP Private Content Plus

type Vulnerabilities
Systems AffectedPlugin WordPress WP Private Content Plus in version 1.31 and below
System Other

Description

The WordPress WP Private Content Plus plugin, which has 9,000+ active installations, was prone to an unauthenticated options change vulnerability in version 1.31 and below.

impact

WP Private Content Plus is a plugin used to protect important site content from specific user roles or group of selected users. It was prone to an unauthenticated options change vulnerability that could lead to website redirection, stored XSS (front-end and back-end), information disclosure and denial of service.

Resolution

Update Plugin WordPress WP Private Content Plus to version greater than 1.31

References

[1] - https://blog.nintechnet.com/unauthenticated-options-change-vulnerability-in-wordpress-wp-private-content-plus-plugin/
[2] - https://wpvulndb.com/vulnerabilities/9817
[3] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15816