Sharable Password Protected Posts Sensitive Data Exposure Vulnerability

Vulnerability

A vulnerability in the Sharable Password Protected Posts WordPress plugin, affecting versions prior to 1.1.1, allows unauthorized access to password-protected posts. The secret key that unlocks a shared post is exposed through the REST API, and supplying that key in a GET parameter grants access to the post.

Impact

Exploitation of this vulnerability allows unauthorized users to access password-protected posts, bypassing the intended access controls.

Reproduction

To reproduce this vulnerability, create a password-protected post and enable the 'Share post via secret URL' option. Then, access the REST API endpoint for the post to retrieve the secret key from the meta field '_sppp_key'. Finally, add the key as a GET parameter to the post URL to gain access to the protected content.

Remediation

Users are advised to update the Sharable Password Protected Posts plugin to version 1.1.1 or later.
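
A check for the exposure described under Reproduction, as an added example that is not part of the original advisory or the plugin's code: it scans a saved REST API response for posts whose meta carries a non-empty '_sppp_key' and reports them with the key redacted. The sample response is constructed, and its field layout is assumed from the standard WordPress REST post schema.

```python
import json

META_KEY = "_sppp_key"  # meta field named in the advisory

# Constructed sample of an unauthenticated /wp-json/wp/v2/posts response
# (field layout assumed from the standard WordPress REST post schema).
SAMPLE_RESPONSE = json.dumps([
    {"id": 11, "link": "https://blog.example/?p=11",
     "content": {"rendered": "", "protected": True},
     "meta": {"_sppp_key": "CONSTRUCTED-KEY-0001"}},
    {"id": 12, "link": "https://blog.example/?p=12",
     "content": {"rendered": "", "protected": True},
     "meta": {"_sppp_key": ""}},
    {"id": 13, "link": "https://blog.example/?p=13",
     "content": {"rendered": "<p>public</p>", "protected": False},
     "meta": []},
])


def find_exposed_keys(body: str) -> list:
    """Return one finding per post whose REST output carries a non-empty key."""
    data = json.loads(body)
    posts = data if isinstance(data, list) else [data]  # collection or single post
    findings = []
    for post in posts:
        if not isinstance(post, dict):
            continue
        meta = post.get("meta")
        if not isinstance(meta, dict):  # WordPress emits [] when no meta is exposed
            continue
        raw = meta.get(META_KEY)
        values = raw if isinstance(raw, list) else [raw]  # non-single meta is a list
        if not any(isinstance(v, str) and v for v in values):
            continue
        content = post.get("content")
        protected = isinstance(content, dict) and bool(content.get("protected"))
        findings.append({"post_id": post.get("id"),
                         "password_protected": protected,
                         "key": "<redacted>"})  # never log the secret itself
    return findings


if __name__ == "__main__":
    for finding in find_exposed_keys(SAMPLE_RESPONSE):
        print(finding)
```

An empty result for a response saved after the update means the key no longer appears in that output.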

Added: Jul 4, 2025, 10:16 AM
Updated: Jul 4, 2025, 10:16 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 7.7
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.