CVE-2025-26966 – WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability

https://notcve.org/view.php?id=CVE-2025-26966

24 Feb 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. The Private Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 8.11.5. This makes it possible for unauthenticated attackers to takeover other user's accounts effectively elevating their privileges. • https://patchstack.com/database/wordpress/plugin/private-content/vulnerability/wordpress-privatecontent-plugin-8-11-5-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-288: Authentication Bypass Using an Alternate Path or Channel •