Secure Copy Content Protection and Content Locking < 4.4.8 – Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function | CVE 2025-1404 | Plugin Vulnerabilities

Description

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to retrieve a list of registered user emails.

Affects Plugins

secure-copy-content-protection

Fixed in 4.4.8

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/7363b5de-db30-4b35-b701-5c8f2835ec6c

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

4cd6719e-a2bc-459d-a8b8-c57693419ec3

Timeline

Publicly Published

2025-02-28 (about 1 year ago)

Added

2025-02-28 (about 1 year ago)

Last Updated

2025-03-01 (about 1 year ago)

Other

Published

Title

Published

2024-08-12

Title

Icegram Collect – Easy Form, Lead Collection and Subscription plugin < 1.3.15 - Missing Authorization

Published

2025-04-29

Title

Custom PC Builder Lite for WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update

Published

2024-08-16

Title

Fonts < 3.7.8 - Missing Authorization

Published

2023-10-25

Title

WP EXtra < 6.3 - Missing Authorization to Arbitrary Email Sending

Published

2026-01-19

Title

Image Photo Gallery Final Tiles Grid < 3.6.10 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management