WordPress Plugin Vulnerabilities

WP Content Copy Protection & No Right Click < 3.4.5 - Settings Update via CSRF

Description

The plugin does not have CSRF check when updating its settings, allowing attackers to make logged in admin update them via a CSRF attack

Affects Plugins

Plugin icon
wp-content-copy-protector
Fixed in 3.4.5

References

CVE
CVE-2022-23983

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
b6733721-56fc-44f5-b18b-cd5793517515

Timeline

Publicly Published
2022-02-16 (about 4 years ago)
Added
2022-02-21 (about 4 years ago)
Last Updated
2022-04-10 (about 3 years ago)

Other

Published
Title
Published
2025-03-24
Title
EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution
Published
2023-09-01
Title
Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Settings Update via CSRF
Published
2025-09-05
Title
Woocommerce Notify Updated Product <= 1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-06-27
Title
WooCommerce PDF Invoice Builder < 1.2.149 - Cross-Site Request Forgery
Published
2025-05-19
Title
Falang multilanguage < 1.3.62 - Cross-Site Request Forgery