Description

The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.

Related CPE's

a

content_copy_protection_\&_prevent_image_save_project

content_copy_protection_\&_prevent_image_save

*

*

*

*

*

wordpress

Vulnerable

References

https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html

ExploitThird Party Advisory

https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt

https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt

https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-352CWE-79

[email protected]

Secondary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-06-01T14:15:09.467

4 years ago

Last modified

2023-11-07T03:31:10.463

1 year ago