5.3
CVE-2025-14442
- EPSS 0.06%
- Veröffentlicht 12.12.2025 11:15:49
- Zuletzt bearbeitet 12.12.2025 15:17:31
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
Secure Copy Content Protection and Content Locking <= 4.9.2 - Unauthenticated Sensitive Information Exposure via Exposed CSV Export File
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to access sensitive user data including emails, IP addresses, usernames, roles, and location data by directly accessing the exported CSV file.
Mögliche Gegenmaßnahme
Secure Copy Content Protection and Content Locking: Update to version 4.9.3, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Secure Copy Content Protection and Content Locking
Version
*-4.9.2
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerays-pro
≫
Produkt
Secure Copy Content Protection and Content Locking
Default Statusunaffected
Version <=
4.9.2
Version
*
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.176 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.