Description
Cross-Site Request Forgery (CSRF) vulnerability in wygk Copyright Safeguard Footer Notice copyright-safeguard-footer-notice allows Stored XSS. This issue affects Copyright Safeguard Footer Notice: from n/a through <= 3.0.
Published: 2025-01-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The plugin contains a CSRF flaw that allows malicious actors to store harmful JavaScript in the website’s footer. Attackers exploit the flaw by sending a crafted request that bypasses authentication checks, leading to persistent cross‑site scripting that runs when visitors load the footer. As a result, any user who views the affected page can have their session data, cookies, or tracked interactions compromised through the injected code.

Affected Systems

The vulnerability affects the WordPress plugin "Copyright Safeguard Footer Notice" by wygk, version 3.0 and earlier. Sites that have installed this plugin up to and including version 3.0 are at risk.

Risk and Exploitability

The vulnerability has a CVSS base score of 7.1, which indicates a high potential for damage if exploited. The EPSS score is below 1%, suggesting that the likelihood of real‑world attacks is currently low, and it is not in the CISA KEV list. The official advisories do not list any known exploits, implying limited attacker activity. Based on the description, it is inferred that the CSRF may require an authenticated session to effect the stored XSS; if true, attackers who compromise administrative credentials could inject malicious code that runs for all site visitors.

Generated by OpenCVE AI on May 2, 2026 at 06:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest patch of the Copyright Safeguard Footer Notice plugin (version 3.1 or newer if released).
  • If a newer version is not available, restrict access to the plugin settings to privileged administrators only, and monitor for unexpected changes.
  • Apply a web application firewall rule or content security policy that blocks inline scripts injected into the footer, mitigating the stored XSS risk.

Advisories
Source: EUVD
ID: EUVD-2025-3491
Title: Cross-Site Request Forgery (CSRF) vulnerability in Robert Nicholson Copyright Safeguard Footer Notice allows Stored XSS. This issue affects Copyright Safeguard Footer Notice: from n/a through 3.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in Robert Nicholson Copyright Safeguard Footer Notice allows Stored XSS. This issue affects Copyright Safeguard Footer Notice: from n/a through 3.0.
  Values Added: Cross-Site Request Forgery (CSRF) vulnerability in wygk Copyright Safeguard Footer Notice copyright-safeguard-footer-notice allows Stored XSS. This issue affects Copyright Safeguard Footer Notice: from n/a through <= 3.0.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Fri, 17 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Jan 2025 20:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Robert Nicholson Copyright Safeguard Footer Notice allows Stored XSS. This issue affects Copyright Safeguard Footer Notice: from n/a through 3.0.
Title WordPress Copyright Safeguard Footer Notice plugin <= 3.0 - CSRF to Stored Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:22.937Z

Reserved: 2025-01-16T11:31:20.771Z

Link: CVE-2025-23870

Vulnrichment

Updated: 2025-01-17T17:17:29.741Z

NVD

Status: Deferred

Published: 2025-01-16T21:15:27.040

Modified: 2026-06-17T08:57:38.977

Link: CVE-2025-23870

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T06:15:06Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)