CVE-2026-1320
published 2026-02-12CVE-2026-1320: The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header…
PriorityP341high7.2CVSS 3.1
AVNACLPRNUINSCCLILAN
EPSS
0.26%
16.9th percentile
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ays-pro | secure_copy_content_protection_and_content_locking | <= 4.9.8 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-1320 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-1320 [CRITICAL] CVE-2026-1320 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1320 :
WordPress vulnerability analysis and mitigation
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Source : NVD
## 7.2
Score
Published February 12, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
WordPress
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.7
Exploitation Probability (EPSS) N/A
Affe
Bugzilla
CVE-2025-14327 firefox: Spoofing issue in the Downloads Panel component
bugzilla·2025-12-09·CVSS 7.5
CVE-2025-14327 [HIGH] CVE-2025-14327 firefox: Spoofing issue in the Downloads Panel component
CVE-2025-14327 firefox: Spoofing issue in the Downloads Panel component
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2026:0667 https://access.redhat.com/errata/RHSA-2026:0667
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2026:0694 https://access.redhat.com/errata/RHSA-2026:0694
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2026:0924 https://access.redhat.com/errata/RHSA-2026:0924
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.6 Extended Update Support
Via RHSA-2026:1320 https://access
2026-02-12
Published