PT-2026-7848 · WordPress · Secure Copy Content Protection/Content Locking

Deadbee

Publicado

2026-02-12

Atualizado

2026-02-12

CVE-2026-1320

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Secure Copy Content Protection and Content Locking plugin for WordPress versions through 4.9.8

Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. The vulnerability is triggered through the 'X-Forwarded-For' HTTP header.

Recommendations Update the Secure Copy Content Protection and Content Locking plugin to a version newer than 4.9.8.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-1320

Produtos afetados

Secure Copy Content Protection/Content Locking

PT-2026-7848 · WordPress · Secure Copy Content Protection/Content Locking

CVE-2026-1320

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5