CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26966 – WordPress PrivateContent plugin <= 8.11.5 - Unauthenticated Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2025-26966
24 Feb 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5. The Private Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 8.11.5. This makes it possible for unauthenticated attackers to takeover other user's accounts effectively elevating their privileges. • https://patchstack.com/database/wordpress/plugin/private-content/vulnerability/wordpress-privatecontent-plugin-8-11-5-unauthenticated-account-takeover-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13248 – Private content - Moderately critical - Access bypass - SA-CONTRIB-2024-012
https://notcve.org/view.php?id=CVE-2024-13248
09 Jan 2025 — Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0. • https://www.drupal.org/sa-contrib-2024-012 • CWE-266: Incorrect Privilege Assignment •