PT-2025-50926 · WordPress · Secure Copy Content Protection/Content Locking
Deadbee
·
Published
2025-12-12
·
Updated
2025-12-12
·
CVE-2025-14442
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Secure Copy Content Protection and Content Locking versions prior to 4.9.2
Description
The Secure Copy Content Protection and Content Locking plugin for WordPress exhibits sensitive information exposure. This occurs because exported CSV files are stored in a publicly accessible directory using predictable filenames. An unauthenticated attacker can access sensitive user data, including emails, IP addresses, usernames, roles, and location data, by directly accessing these CSV files.
Recommendations
Update Secure Copy Content Protection and Content Locking to a version newer than 4.9.2.
Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Secure Copy Content Protection/Content Locking