CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

April 25, 2025

CVE ID : CVE-2025-3861

Published : April 25, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the ‘pda_lite_custom_permission_check’ function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2580 – Bit Form WordPress Contact Form Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

This tiny Bluetooth speaker delivers loud, distortion-free sound – and it’s on sale

Are you playing The Elder Scrolls 4: Oblivion Remastered, and if so, what do you think? — Weekend discussion 💬

I’ve been trying to figure out why these AR glasses cost $700, but I’m frankly stumped

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Closing Deals Faster: The Future of Sales with AI & Personalization

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows 11 24H2 colourful battery icons for taskbar are still coming, but no ETA, says Microsoft

Git Interactive Rebase Tool – terminal-based sequence editor for interactive rebase

CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

Scaling Up Reinforcement Learning for Traffic Smoothing: A 100-AV Highway Deployment

Knowing CSS is Mastery to Frontend Development

Best SNES Emulator: 5 Feature-Rich Options

Your Microsoft Office apps will soon launch faster – but the Speed Boost is optional

Unleash your Salesforce data using the Amazon Q Salesforce Online connector

Proxmox Mail Gateway – email security solution

A 2024 JavaScript retrospective

PHP 8.4.0 Alpha 2 available for testing

CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

Related Posts