CVE-2023-0581

Name of the Vulnerable Software and Affected Versions PrivateContent plugin for WordPress versions up to, and including, 8.4.3

Description The issue arises from the plugin's use of client-side validation, where it checks if an IP has been blocklisted via client-side scripts rather than server-side. This allows unauthenticated attackers to bypass login restrictions, potentially enabling brute force attacks.

Recommendations For versions up to, and including, 8.4.3, update to a version that uses server-side validation to check blocklisted IPs, as this will prevent the bypass of login restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.