CVE-2025-1404

Name of the Vulnerable Software and Affected Versions Secure Copy Content Protection and Content Locking plugin for WordPress versions prior to 4.4.8

Description The issue allows unauthorized access to data due to a missing capability check on the ays sccp reports user search() function. This makes it possible for unauthenticated attackers to retrieve a list of registered user emails.

Recommendations For Secure Copy Content Protection and Content Locking plugin for WordPress versions prior to 4.4.8, update to version 4.4.8 or later to resolve the issue. As a temporary workaround, consider disabling the ays sccp reports user search() function until a patch is available.