CVE-2025-5998

Published Aug 14, 2025

Last updated 8 months ago

CVSS medium 6.5

Overview

Description: The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API.
Source: contact@wpscan.com
NVD status: Analyzed
Products: password_protect_wordpress

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

CVE-2025-5998 The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber o… https://t.co/FG9GOCjyaX
@CVEnew
14 Aug 2025
356 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:passwordprotectwp:password_protect_wordpress:*:*:*:*:*:wordpress:*:*",
            "matchCriteriaId": "EA877974-1424-4846-91ED-0AAE41A5365B",
            "versionEndExcluding": "1.9.11",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts.•CVE-2024-0620

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References