CVE-2025-11244 | Password Protected Plugin up to 2.7.11 on WordPress Header pp_get_ip_address X-Forwarded-For authorization

A vulnerability categorized as critical has been discovered in Password Protected Plugin up to 2.7.11 on WordPress. Affected is the function pp_get_ip_address of the component Header Handler. Such manipulation of the argument X-Forwarded-For leads to authorization bypass.

This vulnerability is traded as CVE-2025-11244. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More