Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-10720 PoC — WP Private Content Plus <= 3.6.2 - Password Protection Bypass

Source
https://github.com/lorenzocamilli/CVE-2025-10720-PoC
Associated Vulnerability
Title:WP Private Content Plus <= 3.6.2 - Password Protection Bypass (CVE-2025-10720)
Description:The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.
Description
CVE-2025-10720 PoC
Readme
## Description
This proof of concept (PoC) describes an authentication bypass vulnerability found in the **WordPress plugin WP Private Content Plus v3.6.2**. The issue allows unauthenticated users to bypass password-protected content due to improper reliance on client-side cookies.
## Details
- **Vulnerability Type**: Authentication Bypass (Unauthenticated)
- **CWE-ID**: CWE-565 - Reliance on Cookies without Validation and Integrity Checking
## Impact
Successful exploitation allows unauthenticated users to access content protected by the plugin’s global password feature.
## References
- [Video demo](https://youtu.be/e1uMllcXhfE)
- [WPScan](https://wpscan.com/vulnerability/5295e8da-7aba-4322-981b-80d692b3bc35/])
- [Affected plugin](https://wordpress.org/plugins/wp-private-content-plus/)
File Snapshot

 [4.0K]  /data/pocs/501d7aa6b1ade8b9672d1389dba66e801be9ac21
├── [4.0K]  images
│   ├── [120K]  bypass.png
│   ├── [103K]  cookie-creation.png
│   ├── [181K]  enable-functions.png
│   ├── [210K]  enable-module.png
│   ├── [645K]  plugin-cinfiguration.png
│   ├── [160K]  plugin-version.png
│   └── [ 92K]  protected-page.png
├── [6.1M]  poc-demo.mp4
├── [3.0K]  PoC.md
└── [ 799]  README.md

2 directories, 10 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →