Ays-pro

Secure Copy Content Protection And Content Locking

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-14159

  • EPSS 0.01%
  • Veröffentlicht 12.12.2025 11:15:49
  • Zuletzt bearbeitet 12.12.2025 15:17:31

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ays_sccp_results_export_file' AJAX ac...

5.3

CVE-2025-14442

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 11:15:49
  • Zuletzt bearbeitet 12.12.2025 15:17:31

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and ...

5.9

CVE-2025-32133

  • EPSS 0.03%
  • Veröffentlicht 04.04.2025 16:15:21
  • Zuletzt bearbeitet 07.04.2025 14:18:15

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking:...

7.1

CVE-2025-30905

  • EPSS 0.03%
  • Veröffentlicht 01.04.2025 21:15:45
  • Zuletzt bearbeitet 02.04.2025 14:58:07

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking:...

5.3

CVE-2025-1404

  • EPSS 0.15%
  • Veröffentlicht 01.03.2025 12:15:34
  • Zuletzt bearbeitet 01.03.2025 12:15:34

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. Thi...

4.8

CVE-2024-6888

Exploit
  • EPSS 0.27%
  • Veröffentlicht 04.09.2024 06:15:17
  • Zuletzt bearbeitet 07.10.2024 15:41:03

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the ...

4.8

CVE-2024-6889

Exploit
  • EPSS 0.22%
  • Veröffentlicht 04.09.2024 06:15:17
  • Zuletzt bearbeitet 07.10.2024 15:29:33

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the ...

4.8

CVE-2024-6138

Exploit
  • EPSS 0.1%
  • Veröffentlicht 11.07.2024 06:15:03
  • Zuletzt bearbeitet 21.11.2024 09:49:02

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the ...

5.3

CVE-2024-33587

  • EPSS 0.15%
  • Veröffentlicht 29.04.2024 13:15:31
  • Zuletzt bearbeitet 21.11.2024 09:17:12

Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0.

9.8

CVE-2021-24931

Exploit
  • EPSS 71.97%
  • Veröffentlicht 06.12.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 05:54:02

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in ...