CVE-2025-12525

Published November 25th, 2025

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The Locker Content plugin for WordPress is vulnerable to Sensitive Information Exposure in version 1.0.0 via the 'lockerco_submit_post' AJAX endpoint. This makes it possible for unauthenticated attackers to extract content from posts that has been protected by the plugin.

Locker Content — Content Locking & Engagement Gates

Locker Content is a powerful WordPress plugin that allows you to lock your valuable content behind various engagement gates. Increase user interaction, gather user-generated content, and protect premium content with multiple locking mechanisms. Key Features: ✅ Password Protection – Secure your content with password locks ✅ Agreement Lock – Require users to accept terms and conditions ✅ Post Creation Lock – Users must create content to unlock yours ✅ GDPR Compliant – Built with privacy and data protection in mind ✅ Rate Limiting – Prevent abuse with built-in rate limiting ✅ Spam Protection – Advanced spam detection for user submissions ✅ Responsive Design – Works perfectly on all devices ✅ Admin Dashboard – Manage all submissions from one place Perfect For: <ul> <li>Content Creators – Protect premium content and courses</li> <li>Marketers – Generate leads through content gates</li> <li>Community Sites – Encourage user participation and content creation</li> <li>Educational Sites – Require agreement to terms before accessing materials</li> <li>Membership Sites – Control access to exclusive content</li> </ul> Available Lock Types: <ol> <li>Password Lock – Traditional password protection with enhanced security features</li> <li>Agreement Lock – Require users to read and agree to terms, privacy policies, or disclaimers</li> <li>Post Creation Lock – Users must submit original content to unlock your premium material</li> </ol> Security Features: <ul> <li>Password hashing for secure storage</li> <li>Rate limiting to prevent brute force attacks</li> <li>CSRF protection with WordPress nonces</li> <li>Input sanitization and validation</li> <li>IP anonymization for GDPR compliance</li> <li>Spam detection and filtering</li> </ul> Admin Features: <ul> <li>Easy-to-use meta boxes for each post/page</li> <li>Bulk approval/rejection of user submissions</li> <li>Detailed submission tracking</li> <li>Customizable messages and interface text</li> <li>Template override support for developers</li> </ul> <h3>Developer Information</h3> Template Override Support You can override plugin templates by creating files in your theme: <pre><code>your-theme/ ├── lockerco/ │ ├── frontend/ │ │ ├── password-lock.php │ │ ├── agreement-lock.php │ │ └── postlock-lock.php │ └── admin/ │ ├── password-fields.php │ ├── agreement-fields.php │ └── postlock-fields.php </code></pre> Action Hooks <ul> <li><code>lockerco_post_submitted</code> – Fires when a user submits a post through the post lock</li> </ul> Filter Hooks <ul> <li><code>lockerco_password_strength</code> – Modify password strength requirements</li> <li><code>lockerco_spam_patterns</code> – Add custom spam detection patterns</li> </ul> CSS Classes <ul> <li><code>.lockerco-container</code> – Main container for all lock types</li> <li><code>.password-locker</code> – Password lock specific styling</li> <li><code>.agreement-locker</code> – Agreement lock specific styling</li> <li><code>.postlock-locker</code> – Post creation lock specific styling</li> </ul> Security Features <ul> <li>CSRF protection with WordPress nonces</li> <li>Input sanitization using WordPress functions</li> <li>Rate limiting to prevent abuse</li> <li>Password hashing for secure storage</li> <li>IP anonymization for privacy compliance</li> </ul> <h3>Support</h3> For support, feature requests, or bug reports, please visit our support forum or contact us through the plugin’s official page. Minimum Requirements: * WordPress 4.7 or higher * PHP 7.0 or higher * MySQL 5.6 or higher Recommended: * WordPress 6.0 or higher * PHP 8.0 or higher * MySQL 8.0 or higher

WordPress Plugin Directory

446