The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Metrics
Affected Vendors & Products
References
History
Mon, 07 Oct 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ays-pro
Ays-pro secure Copy Content Protection And Content Locking |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:ays-pro:secure_copy_content_protection_and_content_locking:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Ays-pro
Ays-pro secure Copy Content Protection And Content Locking |
Wed, 04 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Copy Content Protection Team
Copy Content Protection Team secure Copy Content Protection And Content Locking |
|
CPEs | cpe:2.3:a:copy_content_protection_team:secure_copy_content_protection_and_content_locking:*:*:*:*:*:*:*:* | |
Vendors & Products |
Copy Content Protection Team
Copy Content Protection Team secure Copy Content Protection And Content Locking |
|
Metrics |
cvssV3_1
|
Wed, 04 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |
Title | Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-04T06:00:03.859Z
Updated: 2024-09-04T14:41:05.863Z
Reserved: 2024-07-18T19:18:12.198Z
Link: CVE-2024-6888
Vulnrichment
Updated: 2024-09-04T14:40:59.599Z
NVD
Status : Analyzed
Published: 2024-09-04T06:15:17.407
Modified: 2024-10-07T15:41:03.803
Link: CVE-2024-6888
Redhat
No data.