A bypass vulnerability has been identified in the Protect WP Admin plugin. It threatens WordPress security and leaves affected websites exposed to potential malware attacks. Malicious actors could exploit the flaw to bypass certain code restrictions and gain unauthorized access to the WordPress admin area. The vulnerability was discovered by Daniel Ruf.

Because the flaw lets malicious actors circumvent code restrictions, it could also compromise sensitive information such as passwords or credit card numbers.


Although it is classified as medium severity, with a CVSS 3.1 score of 6.5, the bypass vulnerability still demands swift action: it can be exploited to bypass certain safeguards and put websites at risk, and its potential impact on website security should not be underestimated.

Affected Versions:

Versions of the Protect WP Admin plugin prior to 4.0 are susceptible to this bypass vulnerability. Upgrading to the latest version is crucial to remediate the vulnerability and enhance overall plugin security.


Exploiting this vulnerability could allow malicious actors to bypass important security measures and gain unauthorized access to the WordPress admin area. Such access could lead to data breaches, manipulation of website content, or other malicious activities.


To bolster WordPress security and protect your website from potential risks, immediate action is necessary:

  1. Update to Version 4.0: Website owners using the Protect WP Admin plugin must update to the latest version (at least 4.0) without delay. This version contains the fix for the bypass vulnerability and strengthens the plugin’s security.
  2. Regular Security Audits: Conduct regular security audits of your WordPress website to identify and address potential vulnerabilities proactively.
  3. Stay Informed: Stay informed about security updates and advisories from the Protect WP Admin plugin developers. Regularly check for plugin updates and apply them promptly.
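
To verify step 1 against the affected range above (versions prior to 4.0), the following added example, which is not code from the plugin or its developers, reads the standard WordPress plugin header from each installed plugin and classifies any copy named "Protect WP Admin". The function names, the `sample-a`/`sample-b` folders and the `main.php` file are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "Protect WP Admin"  # plugin name as written in the advisory
FIXED_VERSION = "4.0"             # first fixed release per the advisory
HEADER_BYTES = 8192               # WordPress only reads headers from the first 8 KB

def header_field(source, field):
    """Return a plugin header value such as 'Version', or None if absent."""
    m = re.search(r"^[ \t/*#@]*" + re.escape(field) + r":(.*)$", source, re.M | re.I)
    return m.group(1).strip() if m else None

def version_key(version):
    """'3.9.10' -> (3, 9, 10). Trailing zeros are dropped so 4.0 == 4.0.0."""
    m = re.match(r"\d+(?:\.\d+)*", version or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def classify(version):
    """Map an installed version string to 'vulnerable', 'fixed' or 'unknown'."""
    key = version_key(version)
    if key is None:
        return "unknown"  # no parsable version header: review by hand
    return "vulnerable" if key < version_key(FIXED_VERSION) else "fixed"

def audit(plugins_dir):
    """Find PLUGIN_NAME in the folders of a wp-content/plugins directory."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        with open(php, "rb") as fh:
            head = fh.read(HEADER_BYTES).decode("utf-8", errors="replace")
        name = header_field(head, "Plugin Name")
        if name and name.lower() == PLUGIN_NAME.lower():
            version = header_field(head, "Version")
            findings.append((php.name, version, classify(version)))
    return findings

def demo():
    """Audit a constructed plugins directory (sample data, not a real site)."""
    with tempfile.TemporaryDirectory() as tmp:
        for folder, name, ver in [("sample-a", PLUGIN_NAME, "3.9.10"),
                                  ("sample-b", "Other Plugin", "1.0")]:
            (Path(tmp) / folder).mkdir()
            (Path(tmp) / folder / "main.php").write_text(
                f"<?php\n/*\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
        return audit(tmp)
```

On a real site, call `audit()` with the path to `wp-content/plugins`; versions are compared numerically, so 3.10 is still reported as older than 4.0.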