Description
WordPress Plugin Passster-Password Protection stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode, if leaked. WordPress Plugin Passster-Password Protection version 3.5.5.5.1 is affected; prior versions may also be affected.
Remediation
Update to plugin version 3.5.5.5.2 or latest
References
https://wpscan.com/vulnerability/a8963750-62bf-403e-a906-94f371ed2a7a
https://plugins.svn.wordpress.org/content-protector/trunk/readme.txt
Related Vulnerabilities
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9044)
WordPress Plugin SpeakOut! Email Petitions Cross-Site Scripting (2.13.2)
WordPress Plugin AccessPress Social Counter Cross-Site Scripting (1.3.6)
WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.3.3)
WordPress Plugin twimp-wp-twitter multi publisher Cross-Site Request Forgery (0.1)