Wp-Buy Wp Content Copy Protection No Right Click vulnerabilities
6 known vulnerabilities affecting wp-buy/wp_content_copy_protection_no_right_click.
Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH3MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-6690P2MEDIUMCVSS 6.1ExploitedPoCfixed in 15.32025-05-15
CVE-2024-6690 [MEDIUM] CWE-601 CVE-2024-6690: The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter,
The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites
nvd
CVE-2021-24188P3HIGHCVSS 8.8fixed in 3.1.5≥ 3.1.5, < 3.1.52021-05-14
CVE-2021-24188 [HIGH] CWE-285 CVE-2021-24188: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Con
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugin
nvd
CVE-2024-49306P3HIGHCVSS 8.8fixed in 3.6.1≤ 3.5.92024-10-20
CVE-2024-49306 [HIGH] CWE-352 CVE-2024-49306: Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Content Copy Protection & No Right Clic
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Content Copy Protection & No Right Click wp-content-copy-protector allows Cross Site Request Forgery.This issue affects WP Content Copy Protection & No Right Click: from n/a through <= 3.5.9.
nvd
CVE-2022-23983P4HIGHCVSS 8.8≤ 3.4.42022-02-21
CVE-2022-23983 [HIGH] CWE-352 CVE-2022-23983: Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP C
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
nvd
CVE-2024-6693P4MEDIUMCVSS 4.8fixed in 15.32025-05-15
CVE-2024-6693 [MEDIUM] CWE-79 CVE-2024-6693: The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which c
The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
nvd
CVE-2023-36678P4MEDIUMCVSS 4.8≤ 3.5.5≥ n/a, ≤ 3.5.52023-08-05
CVE-2023-36678 [MEDIUM] CWE-79 CVE-2023-36678: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.
nvd