Wpchill Passster

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Wpchill Passster.

By the Year

In 2026 there have been 2 vulnerabilities in Wpchill Passster with an average score of 6.5 out of ten. Last year, in 2025 Passster had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Passster in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.02.

Year	Vulnerabilities	Average Score
2026	2	6.45
2025	3	6.43
2024	3	6.00

It may take a day or so for new Passster vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Wpchill Passster Security Vulnerabilities

WP Chill Passster <=4.2.25 Missing Auth, ACL Bypass
CVE-2026-25036 6.5 - Medium - February 03, 2026

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through <= 4.2.25.

AuthZ

WP Passster Plg Stored XSS via content_protector short 4.2.24
CVE-2025-14865 6.4 - Medium - January 28, 2026

The Passster Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_protector' shortcode in all versions up to, and including, 4.2.24. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 4.2.21.

XSS

WP Chill Passster <=4.2.19 Sensitive Data Exfil by Content-Protector
CVE-2025-64218 7.5 - High - December 18, 2025

Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data.This issue affects Passster: from n/a through <= 4.2.19.

Insertion of Sensitive Information Into Sent Data

WP Chill Passster <=4.2.18 Stored XSS Vulnerability
CVE-2025-57926 6.5 - Medium - September 22, 2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Passster content-protector allows Stored XSS.This issue affects Passster: from n/a through <= 4.2.18.

XSS

Passster WP Plugin v<=4.2.10 SIE via WP Search
CVE-2024-11282 5.3 - Medium - January 07, 2025

The Passster Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.

Information Disclosure

Freemius SDK <=2.4.2 CVE-2022-4974: CSRF & Info Disclosure
CVE-2022-4974 6.3 - Medium - October 16, 2024

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

AuthZ

Passster WP Plugin 4.2.6.4 XSS via content_protector Shortcode
CVE-2024-2026 6.4 - Medium - April 09, 2024

The Passster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_protector shortcode in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

XSS

Passster Password Protect Plugin <4.2.6.2 Sensitive Info Exposure via API
CVE-2024-0616 5.3 - Medium - February 29, 2024

The Passster Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.

Information Disclosure

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Wpchill Passster or by Wpchill? Click the Watch button to subscribe.

Wpchill
Vendor

Wpchill Passster
Product

Wpchill Passster

Don't miss out!

By the Year

Recent Wpchill Passster Security Vulnerabilities

WP Chill Passster <=4.2.25 Missing Auth, ACL Bypass CVE-2026-25036 6.5 - Medium - February 03, 2026

WP Passster Plg Stored XSS via content_protector short 4.2.24 CVE-2025-14865 6.4 - Medium - January 28, 2026

WP Chill Passster <=4.2.19 Sensitive Data Exfil by Content-Protector CVE-2025-64218 7.5 - High - December 18, 2025

WP Chill Passster <=4.2.18 Stored XSS Vulnerability CVE-2025-57926 6.5 - Medium - September 22, 2025

Passster WP Plugin v<=4.2.10 SIE via WP Search CVE-2024-11282 5.3 - Medium - January 07, 2025

Freemius SDK <=2.4.2 CVE-2022-4974: CSRF & Info Disclosure CVE-2022-4974 6.3 - Medium - October 16, 2024

Passster WP Plugin 4.2.6.4 XSS via content_protector Shortcode CVE-2024-2026 6.4 - Medium - April 09, 2024

Passster Password Protect Plugin <4.2.6.2 Sensitive Info Exposure via API CVE-2024-0616 5.3 - Medium - February 29, 2024