CVSS 3.1 Score 4.4 of 10 (medium)


Published Feb 29, 2024


CVE-2024-0656 is a vulnerability found in the Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress, affecting all versions up to and including 2.6.6. The vulnerability is classified as Stored Cross-Site Scripting and occurs due to insufficient input sanitization and output escaping of the Google Captcha Site Key. The exploit allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages, which will execute whenever a user accesses an injected page. It should be noted that this vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. The risk score assigned to this vulnerability is 5, with a base severity of MEDIUM. Remediation should involve updating the affected plugin to the latest version or applying any available patches, as recommended by, the source of this information.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0656 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options