Vulnerabilities and security researches forsecure-copy-content-protection secure-copy-content-protection

Jun 06, 2024

CVE, Research URL: CVE-2024-33587
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Apr 29, 2024
Research Description: Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24931
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Dec 06, 2021
Research Description: The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24484
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Aug 02, 2021
Research Description: The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-32787
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Jun 09, 2024
Research Description: Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1.
Affected versions: Min -, max -.
Status: vulnerable

Jul 12, 2024

CVE, Research URL: CVE-2024-6138
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Jul 11, 2024
Research Description: The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable

Sep 06, 2024

CVE, Research URL: CVE-2024-6889
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Sep 04, 2024
Research Description: The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-6888
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Sep 04, 2024
Research Description: The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable

Oct 04, 2024

CVE, Research URL: CVE-2024-47306
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Oct 06, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.2.3.
Affected versions: Min -, max -.
Status: vulnerable

Mar 02, 2025

CVE, Research URL: CVE-2025-1404
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Mar 01, 2025
Research Description: The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to retrieve a list of registered user emails.
Affected versions: Min -, max -.
Status: vulnerable

Apr 04, 2025

CVE, Research URL: CVE-2025-30905
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Apr 02, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.4.3.
Affected versions: Min -, max -.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-32133
Home page URL: Security reports for Secure Copy Content Protection and Content Locking
Application: Secure Copy Content Protection and Content Locking
Date: Apr 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.5.1.
Affected versions: Min -, max -.
Status: vulnerable