CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

April 25, 2025

CVE ID : CVE-2025-3861

Published : April 25, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the ‘pda_lite_custom_permission_check’ function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2580 – Bit Form WordPress Contact Form Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

Warning: Discontinued Amazon Cloud Cam Has Vulnerability (CVE-2025-6031), Exposing Your Network

Datasette is a tool for exploring and publishing data

CVE-2022-47111 – 7-Zip XZ File Format Parsing Vulnerability

CVE-2025-48276 – Visual Composer Cross-site Scripting Vulnerability

CVE-2025-47287 – Tornado Multipart Form Data Denial of Service Vulnerability

How to Add Custom Style Variations to WordPress Blocks

CVE-2025-29690 – OA System Cross-Site Scripting (XSS)

Distribution Release: Ubuntu Budgie 25.04

CVE-2025-31251 – Apple Media File Processing Denial of Service

CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

Related Posts