CVE-2026-25036

Name: Websites susceptible to CVE-2026-25036
Creator: WebTechSurvey

CVE-2026-25036

WordPress Passster plugin <= 4.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Passster content-protector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Passster: from n/a through <= 4.2.25.

We have discovered 3,111 live websites that are affected by CVE-2026-25036.

Run a Free Instant Scan

Affected Software


Product	Content Protector
Category	Wordpress Plugins
Vulnerable Domains	3,111 live websites (88% of Content Protector install base)
Vulnerable Versions	from 0 through 4.2.25
Vulnerable Versions Count	42 versions ( 93% of all versions)

Available Reports

Website List

Details

Published - Feb 3, 2026
Updated - Feb 12, 2026

Credits

johska | Patchstack Bug Bounty Program (finder)

CVE References

Website Distribution by Country

Number of websites using CVE-2026-25036

United States	994 websites

Germany	451 websites
GB	193 websites
Japan	185 websites
France	178 websites
Canada	99 websites
Sweden	92 websites
Netherlands	88 websites
Italy	81 websites
Switzerland	69 websites

Website Distribution by TLD

Number of websites using CVE-2026-25036

.com	1,217 websites
.de	329 websites
.org	297 websites
.co.uk	89 websites
.fr	78 websites
.net	71 websites
.nl	69 websites
.se	68 websites
.ch	52 websites
.ca	50 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2026-25036

Top websites that are affected by CVE-2026-25036. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*********.net	United States	,*
*******.com	United States	,*
**********.com	United States	,*
*************.ru	Russia	,*
*****************.de	Germany	,*
*********.com	GB	*,*
****************************.org	Singapore	*,*
*************.com	United States	*,*
***********.com	New Zealand	*,*
*****.pl	Poland	*,*