WordPress · Wp Private Content Plus · CVE-2025-10720
**Name of the Vulnerable Software and Affected Versions**
WP Private Content Plus versions through 3.6.2
**Description**
The software includes a content protection feature requiring a password, but the access control check relies solely on a client-side cookie. An unauthenticated attacker can bypass the password protection by manually setting the cookie value in their browser.
**Recommendations**
Update to a version beyond 3.6.2.