PT-2026-48832 · WordPress · Secure Copy Content Protection/Content Locking
Luca Jungnickel
·
Published
2026-06-12
·
Updated
2026-06-12
·
CVE-2026-9269
CVSS v3.1
3.5
Low
| Vector | AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Secure Copy Content Protection and Content Locking WordPress plugin versions prior to 5.1.5
Description
Insufficient sanitization and escaping of certain settings allow high-privilege users, such as administrators, to execute Stored Cross-Site Scripting attacks. This issue persists even in environments where the
unfiltered html capability is disabled, such as in multisite configurations. Stored Cross-Site Scripting occurs when a malicious script is permanently stored on the target server, which is then served to other users.Recommendations
Update the plugin to version 5.1.5 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Secure Copy Content Protection/Content Locking