WordPress Plugin Vulnerabilities

Secure Copy Content Protection and Content Locking < 3.9.1 - Missing Authorization

Description

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_sccp_option function in versions up to, and including, 3.9.0. This makes it possible for unauthenticated attackers to modify an option. It does not appear this was adequately patched in 3.9.1.

Affects Plugins

Plugin icon
secure-copy-content-protection
Fixed in 3.9.1

References

CVE
CVE-2024-33587
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0afc98b1-e1ee-4c77-89fc-9ccb045c6733

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
562d874d-c993-45ba-9c82-eac25537798f

Timeline

Publicly Published
2024-04-25 (about 2 years ago)
Added
2024-05-01 (about 2 years ago)
Last Updated
2024-05-01 (about 2 years ago)

Other

Published
Title
Published
2024-10-28
Title
Bulk Change Role <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Published
2023-02-24
Title
Apollo13 Framework Extensions < 1.9.0 - Missing Authorization
Published
2025-10-08
Title
Open Close WooCommerce Store <= 4.9.8 - Missing Authorization
Published
2026-04-07
Title
MainWP Child Reports < 2.3 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API
Published
2024-04-22
Title
WP GoToWebinar < 15.1 - Missing Authorization