CVE-2025-3453: 
WordPress vulnerability analysis and mitigation

The Password Protected WordPress plugin (versions up to 2.7.7) contains a Sensitive Information Exposure vulnerability identified as CVE-2025-3453. The vulnerability exists in the 'passwordprotectedcookie' function and allows unauthenticated attackers to extract sensitive data, including all protected site content, when the 'Use Transient' setting is enabled. This vulnerability was discovered and disclosed in April 2025 (NVD).

The vulnerability is present in the 'passwordprotectedcookie' function of the plugin and is triggered when the 'Use Transient' setting is enabled. The issue has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it can be exploited remotely without requiring privileges or user interaction (NVD).

When successfully exploited, the vulnerability allows unauthenticated attackers to access and extract sensitive data, specifically all protected site content that should normally be restricted. This could lead to unauthorized access to private information and protected pages on WordPress sites using the affected plugin (NVD).

The vulnerability has been patched in version 2.7.8 of the Password Protected plugin. Site administrators are advised to update to this version or later to protect against potential exploitation (WordPress Plugin).