Ays Pro Secure Copy Content Protection
cpe:2.3:a:ays-pro:secure_copy_content_protection_and_content_locking:*:*:*:*:wordpress:*:*
Affected versions: <= 4.9.2
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Secure Copy Content Protection and Content Locking plugin for WordPress, affecting all versions through 4.9.2. The vulnerability arises from inadequate nonce validation on the 'ays_sccp_results_export_file' AJAX action, allowing unauthenticated attackers to export sensitive plugin data. This data includes email addresses, IP addresses, physical addresses, user IDs, and other user information. The exported data is saved in a publicly accessible file, which can be accessed by attackers who manage to deceive a site administrator into clicking a link.
Exploitation of this vulnerability allows for unauthorized data export, including sensitive user information, which could be misused for malicious purposes.
To reproduce this vulnerability, an attacker must trick a WordPress site administrator into clicking a link that initiates the 'ays_sccp_results_export_file' AJAX action without the required nonce. This can be done by creating a forged request that exploits the missing nonce validation. Once the administrator clicks the link, the request is processed, and the sensitive data is exported to a publicly accessible file.
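As an added, illustrative example (not the plugin's code and not taken from the advisory), the following PHP shows the unprotected shape of a WordPress AJAX export handler that the advisory describes, next to a hardened form that validates the nonce, checks the caller's capability and streams the export instead of writing it into a web-readable directory. The action name 'ays_sccp_results_export_file' is the one named above; every function name, the 'example-admin' script handle and the sample result rows are hypothetical.

```php
<?php
// Added example, not the plugin's code. Function names, the script handle and
// the sample rows are hypothetical; the WordPress APIs used are real.

// --- Vulnerable pattern: no nonce check, no capability check ---------------
// Any request to admin-ajax.php?action=ays_sccp_results_export_file made by a
// logged-in user's browser is honoured, including one forged by another site.
function example_vulnerable_export() {
    $results = example_collect_results();            // hypothetical data source
    $upload  = wp_upload_dir();
    $path    = $upload['basedir'] . '/results-export.csv';
    file_put_contents( $path, example_to_csv( $results ) );
    // wp-content/uploads is served directly by the web server, so the file
    // is readable by anyone who knows (or guesses) its name once written.
    wp_send_json_success( array( 'url' => $upload['baseurl'] . '/results-export.csv' ) );
}
// add_action( 'wp_ajax_ays_sccp_results_export_file', 'example_vulnerable_export' );

// --- Hardened pattern ------------------------------------------------------
function example_hardened_export() {
    // 1. CSRF: reject requests without a valid nonce bound to this action.
    //    check_ajax_referer() stops with HTTP 403 if the nonce is missing or stale.
    check_ajax_referer( 'ays_sccp_results_export_file', 'nonce' );

    // 2. Authorisation: a nonce proves intent, not privilege, so also check
    //    that the caller is allowed to read exported user data.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Never drop the export into a public directory; stream it to the
    //    authorised caller as a download instead.
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="results-export.csv"' );
    echo example_to_csv( example_collect_results() );
    wp_die();
}
// Registering only wp_ajax_ (not wp_ajax_nopriv_) keeps the action unavailable
// to anonymous callers.
add_action( 'wp_ajax_ays_sccp_results_export_file', 'example_hardened_export' );

// The admin page that offers the export must hand the matching nonce to its
// script so the legitimate request passes the check above.
function example_enqueue_export_nonce() {
    wp_localize_script( 'example-admin', 'exampleExport', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'ays_sccp_results_export_file' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_export_nonce' );

// Hypothetical helpers standing in for the plugin's own data access.
function example_collect_results() {
    // Constructed sample rows of the kind of data the advisory says is exported.
    return array(
        array( 'user_id' => 1, 'email' => 'user@example.com', 'ip' => '203.0.113.5' ),
    );
}
function example_to_csv( array $rows ) {
    $out = fopen( 'php://temp', 'r+' );
    fputcsv( $out, array_keys( reset( $rows ) ) );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row );
    }
    rewind( $out );
    return stream_get_contents( $out );
}
```

The nonce check alone closes the CSRF described in the advisory; the capability check and the streamed download address the two related weaknesses the text mentions, namely that the action exposes user data and that the result lands in a publicly accessible file.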
Users are advised to update the Secure Copy Content Protection and Content Locking plugin to version 4.9.3 or later, where this vulnerability has been patched.