Description
WordPress Plugin Passster-Password Protection stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode, if leaked. WordPress Plugin Passster-Password Protection version 3.5.5.5.1 is affected; prior versions may also be affected.
Remediation
Update to plugin version 3.5.5.5.2 or latest
References
https://wpscan.com/vulnerability/a8963750-62bf-403e-a906-94f371ed2a7a
https://plugins.svn.wordpress.org/content-protector/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WooCommerce Blocks SQL Injection (5.5.0)
Chamilo URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-9540)
Joomla Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2011-4912)
MySQL CVE-2015-0438 Vulnerability (CVE-2015-0438)
MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1581)