CVE-2024-6888
Published 2024-09-04
Priority: P4 · CVSS 3.1 base score 4.8 (medium)
Vector: AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.38% (29.5th percentile)
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
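The bug class here is the ordinary WordPress settings mistake: a value taken from the settings form is written to wp_options as-is and later echoed as-is, so an administrator who is not allowed to post raw HTML (multisite disallows unfiltered_html for site admins by default) can still get script into the page. The block below is an added illustration, not code from the Secure Copy Content Protection plugin; the option name `sccp_demo_footer_text`, the nonce action and the function names are hypothetical, and only WordPress core APIs (`register_setting`, `update_option`, `current_user_can`, `wp_kses_post`, `esc_attr`) are used. It shows the vulnerable pattern beside a hardened one that sanitises on write and escapes on output.

```php
<?php
/*
 * Added illustration of the vulnerability class, not the plugin's own code.
 * Option name "sccp_demo_footer_text", the nonce action "sccp_demo_save" and
 * all sccp_demo_* function names are hypothetical. Only WordPress core APIs
 * are used.
 */

// --- Vulnerable pattern: raw POST value stored, raw option echoed ------------

function sccp_demo_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'sccp_demo_save' );
    // No sanitisation: "<script>...</script>" goes straight into wp_options,
    // regardless of whether this user holds the unfiltered_html capability.
    update_option( 'sccp_demo_footer_text', wp_unslash( $_POST['footer_text'] ) );
}

function sccp_demo_render_vulnerable() {
    // No escaping: whatever was stored is emitted as live markup. A value such
    // as  "><script>alert(1)</script>  breaks out of the attribute.
    echo '<input type="text" name="footer_text" value="'
        . get_option( 'sccp_demo_footer_text' ) . '">';
}

// --- Hardened pattern --------------------------------------------------------

// Sanitise on the way in. The sanitize_callback registered here is applied by
// update_option() for this option, whichever code path performs the write.
function sccp_demo_register_settings() {
    register_setting(
        'sccp_demo_group',
        'sccp_demo_footer_text',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'sccp_demo_sanitize_footer_text',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'sccp_demo_register_settings' );

// Honour unfiltered_html the way core does for post content: users without it
// are limited to the wp_kses_post() allow-list, so <script>, on*= handlers and
// javascript: URLs never reach the database. Use sanitize_text_field() instead
// if the setting is not meant to carry any markup at all.
function sccp_demo_sanitize_footer_text( $value ) {
    $value = (string) $value;
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}

function sccp_demo_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'sccp_demo_save' );
    // update_option() runs the registered sanitize_callback before storing.
    update_option( 'sccp_demo_footer_text', wp_unslash( $_POST['footer_text'] ?? '' ) );
}

// Escape on the way out, for the context the value lands in.
function sccp_demo_render_hardened() {
    $text = get_option( 'sccp_demo_footer_text', '' );
    // Attribute context: esc_attr() neutralises quotes and angle brackets.
    echo '<input type="text" name="footer_text" value="' . esc_attr( $text ) . '">';
    // HTML-body context for a value that may legitimately contain markup:
    // filter again at output, so a row written before the fix (or by another
    // path that skipped the sanitize_callback) cannot reintroduce script.
    echo '<div class="sccp-demo-footer">' . wp_kses_post( $text ) . '</div>';
}
```

When auditing a plugin for this class of bug, grep for `update_option`/`add_option` calls whose value comes from `$_POST` without a `sanitize_callback` or explicit sanitiser, and for `get_option` results concatenated into HTML without an `esc_*` or `wp_kses*` wrapper; on a multisite install, also check that the plugin never grants itself what `unfiltered_html` would otherwise deny.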
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ays-pro | secure_copy_content_protection_and_content_locking | < 4.1.7 | 4.1.7 |
CVSS provenance
NVD · v3.1 · 4.8 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
OSV · 7.5 HIGH (this score belongs to the USN-6888-1 Django entry listed under OSV below, which was matched on the advisory number rather than on this CVE; the only score that applies to CVE-2024-6888 is NVD's 4.8)
GHSA
GHSA-q3xw-vphm-88j4 · ghsa_unreviewed · 2024-09-04 · CVE-2024-6888 · MEDIUM · CWE-79
Description: identical to the NVD text above (Secure Copy Content Protection and Content Locking before 4.1.7, stored XSS via unsanitised settings).
OSV
Note: the entry below is keyed on the Ubuntu advisory number USN-6888-1, which merely coincides with this CVE's number. It concerns python-django, not the WordPress plugin, and none of the CVEs it lists is CVE-2024-6888.
osv · 2024-07-11 · CVSS 7.5
CVE-2024-38875: python-django vulnerabilities
USN-6888-1 fixed several vulnerabilities in Django. This update provides
the corresponding update for Ubuntu 18.04 LTS.
Original advisory details:
Elias Myllymäki discovered that Django incorrectly handled certain inputs
with a large number of brackets. A remote attacker could possibly use this
issue to cause Django to consume resources or stop responding, resulting in
a denial of service. (CVE-2024-38875)
It was discovered that Django incorrectly handled authenticating users with
unusable passwords. A remote attacker could possibly use this issue to
perform a timing attack and enumerate users. (CVE-2024-39329)
Josh Schneier discovered that Django incorrectly handled file path
validation when the storage class is being derived. A remote attacker could
pos
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.