Ays Pro Secure Copy Content Protection
Moderate fix1 remedy
cpe:2.3:a:ays-pro:secure_copy_content_protection_and_content_locking:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 4.4.7
Secure Copy Content Protection and Content Locking WordPress Plugin Missing Authorization Vulnerability
Vulnerability
Patched
A vulnerability exists in the Secure Copy Content Protection and Content Locking plugin for WordPress, affecting all versions through 4.4.7. The issue arises from a missing capability check in the 'ays_sccp_reports_user_search()' function, which allows unauthenticated users to access a list of registered user emails. This vulnerability could be exploited by attackers to gather email addresses without authorization.
Impact
Exploitation of this vulnerability allows for unauthorized retrieval of user email addresses, potentially leading to privacy violations or targeted phishing attacks.
Reproduction
The vulnerability can be reproduced by sending a request to the 'ays_sccp_reports_user_search' function without authentication. This can be done by an unauthenticated user, such as a guest, through an AJAX request. The absence of a proper capability check allows the request to be processed, resulting in the exposure of user email addresses.
Remediation
Users are advised to update the Secure Copy Content Protection and Content Locking plugin to version 4.4.8 or later, where this vulnerability has been patched.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
0.6exploitability
9.3remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
10.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.