Security Advisory

CVE-2025-3861

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-25 05:25:07
Last updated 2025-04-25 19:00:51
Assigner Wordfence
State PUBLISHED

Description

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data| due to a misconfigured capability check on the pda_lite_custom_permission_check function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.