Description

The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.

INFO

Published Date :

2025-10-13T09:37:14.409Z

Last Modified :

2025-10-13T09:37:14.409Z

Source :

WPScan
AFFECTED PRODUCTS

The following products are affected by CVE-2025-10720 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10720.

URL Resource
https://wpscan.com/vulnerability/5295e8da-7aba-4322-981b-80d692b3bc35/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System