The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
History

Mon, 07 Oct 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Ays-pro
Ays-pro secure Copy Content Protection And Content Locking
Weaknesses CWE-79
CPEs cpe:2.3:a:ays-pro:secure_copy_content_protection_and_content_locking:*:*:*:*:*:wordpress:*:*
Vendors & Products Ays-pro
Ays-pro secure Copy Content Protection And Content Locking

Wed, 04 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Copy Content Protection Team
Copy Content Protection Team secure Copy Content Protection And Content Locking
CPEs cpe:2.3:a:copy_content_protection_team:secure_copy_content_protection_and_content_locking:*:*:*:*:*:*:*:*
Vendors & Products Copy Content Protection Team
Copy Content Protection Team secure Copy Content Protection And Content Locking
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Sep 2024 06:15:00 +0000

Type Values Removed Values Added
Description The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Title Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-09-04T06:00:03.859Z

Updated: 2024-09-04T14:41:05.863Z

Reserved: 2024-07-18T19:18:12.198Z

Link: CVE-2024-6888

cve-icon Vulnrichment

Updated: 2024-09-04T14:40:59.599Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-04T06:15:17.407

Modified: 2024-10-07T15:41:03.803

Link: CVE-2024-6888

cve-icon Redhat

No data.