Riccardo Granata

**Name of the Vulnerable Software and Affected Versions** PrivateContent plugin for WordPress versions up to, and including, 8.4.3 **Description** The issue arises from the plugin's use of client-side validation, where it checks if an IP has been blocklisted via client-side scripts rather than server-side. This allows unauthenticated attackers to bypass login restrictions, potentially enabling brute force attacks. **Recommendations** For versions up to, and including, 8.4.3, update to a version that uses server-side validation to check blocklisted IPs, as this will prevent the bypass of login restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.