CVE-2023-0581

Published: Jan 30, 2023Modified: Jun 17, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack.

Affected (1)

Products: Lcweb: Privatecontent

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lcweb Privatecontent	Before 8.4.4

Related CWEs

Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References (4)

https://lcweb.it/privatecontent/changelog

Source: security@wordfence.com

Release NotesVendor Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/de73304e-7a28-4304-b1ed-2f6dd7738236?source=cve

Source: security@wordfence.com

https://lcweb.it/privatecontent/changelog

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/de73304e-7a28-4304-b1ed-2f6dd7738236

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.