CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

April 25, 2025

CVE ID : CVE-2025-3861

Published : April 25, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the ‘pda_lite_custom_permission_check’ function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2580 – Bit Form WordPress Contact Form Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

Tea Dating Advice app spills sensitive data

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

CVE-2025-41653 – Citrix Web Server Denial of Service

No Ceasefire in the Cyberspace Between India and Pakistan

CVE-2025-37097 – HPE Insight Remote Support Denial of Service

6 hidden Android features every user should know – and how they make life easier

Rilasciato Sculpt OS 25.04: Nuova Versione del Sistema Operativo Sicuro Basato su Genode

CVE-2025-5392 – “WordPress GB Forms DB Remote Code Execution”

18 Best Free and Open Source Linux Earth Science Software

Discover Linux Mint 22: How Cinnamon Became the Sleek, Speedy Desktop Champion of 2025

CVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

Related Posts