WP Private Content Plus Password Protection Bypass Vulnerability

Vulnerability

A vulnerability in the WP Private Content Plus plugin, affecting versions through 3.6.2, allows unauthenticated attackers to bypass global password protection. The vulnerability arises because the access control relies solely on an unprotected client-side cookie. Attackers can manually set the cookie value in their browser to gain access to protected content.

Impact

Exploitation of this vulnerability allows for unauthorized access to content that is meant to be password protected.

Reproduction

To reproduce this vulnerability, first enable the private content module in the WP Private Content Plus plugin settings. Then, navigate to the password settings tab, enable global password protection for all users, set a password, and save the changes. Afterward, go to a page that is protected by the password, which will prompt for the password. Open the browser's developer tools, create a new cookie named 'wppcp_global_password_protected_status' with the value 'ACTIVE', and refresh the page to bypass the password protection.
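
The root cause described above, a fixed cookie value that the server trusts, is shown below beside a server-verifiable alternative. This is an added example, not code from the WP Private Content Plus plugin: the function names, the token layout and the secret handling are assumptions, and only the cookie name and the 'ACTIVE' value come from this advisory.

```php
<?php
// Added illustration; not the plugin's code. All function names are hypothetical.

// Weak pattern from the advisory: access is granted on a fixed cookie value.
function weak_is_unlocked(array $cookies): bool {
    return ($cookies['wppcp_global_password_protected_status'] ?? '') === 'ACTIVE';
}

// Hardened pattern: after a correct password entry the server issues
// "expiry|HMAC(expiry|password_hash)", keyed with a secret that never leaves the server.
function issue_token(string $secret, string $password_hash, int $ttl, int $now): string {
    $expiry = $now + $ttl;
    $mac = hash_hmac('sha256', $expiry . '|' . $password_hash, $secret);
    return $expiry . '|' . $mac;
}

// Verify the cookie value on every request before serving protected content.
function token_is_valid(string $token, string $secret, string $password_hash, int $now): bool {
    $parts = explode('|', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed, e.g. a bare static string
    }
    [$expiry, $mac] = $parts;
    if ((int) $expiry < $now) {
        return false; // token has expired
    }
    // Binding the MAC to the stored password hash invalidates old tokens
    // as soon as the global password is changed.
    $expected = hash_hmac('sha256', $expiry . '|' . $password_hash, $secret);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed sample values for a stand-alone run.
$secret = random_bytes(32);
$hash   = password_hash('example-password', PASSWORD_DEFAULT);
$now    = time();
$token  = issue_token($secret, $hash, 3600, $now);

// Case 1: the weak check with the static value from the advisory.
var_dump(weak_is_unlocked(['wppcp_global_password_protected_status' => 'ACTIVE']));
// Case 2: a token the server issued itself.
var_dump(token_is_valid($token, $secret, $hash, $now));
// Case 3: the static value presented to the hardened check.
var_dump(token_is_valid('ACTIVE', $secret, $hash, $now));
// Case 4: the issued token after its lifetime has passed.
var_dump(token_is_valid($token, $secret, $hash, $now + 7200));
// Case 5: the issued token after the global password was changed.
var_dump(token_is_valid($token, $secret, password_hash('rotated', PASSWORD_DEFAULT), $now));
```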

Added: Oct 13, 2025, 10:19 AM
Updated: Oct 13, 2025, 10:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 0.0
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.