Prevent Direct Access WordPress Plugin Incorrect Authorization Vulnerability

Vulnerability

A vulnerability exists in the Prevent Direct Access – Protect WordPress Files plugin for WordPress, specifically in versions 2.8.6 prior to 2.8.8.2. The issue arises from a misconfigured capability check in the 'pda_lite_custom_permission_check' function, which allows authenticated attackers with Contributor-level access and above to access and modify media protection statuses without authorization.

Impact

Exploitation of this vulnerability lets an attacker access and modify media protection statuses without authorization, potentially leading to unauthorized access to protected files.

Remediation

Users can update to version 2.8.8.3 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 5.9
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.