WordPress Plugin Vulnerabilities

WP Content Copy Protection & No Right Click (premium) < 15.3 - Open Redirect

Description

The plugin contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites

Proof of Concept

Affects Plugins

Plugin icon
wccp-pro
Fixed in 15.3

References

CVE
CVE-2024-6690

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Esther Nambuya
Submitter
Esther Nambuya
Verified
Yes
WPVDB ID
09c6848d-30dc-4382-ae74-b470f586e142

Timeline

Publicly Published
2024-05-29 (about 1 year ago)
Added
2024-08-20 (about 1 year ago)
Last Updated
2024-08-20 (about 1 year ago)

Other

Published
Title
Published
2023-11-23
Title
Landing Page Builder < 1.5.1.6 - Open Redirect
Published
2020-11-27
Title
Age Gate < 2.13.5 - Unauthenticated Open Redirect
Published
2021-12-27
Title
WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect
Published
2014-08-01
Title
WP Symposium 13.04 - Unvalidated Redirect
Published
2019-10-21
Title
Bridge Theme < 18.2.1 - Open Redirect