Secure Copy Content Protection and Content Locking WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability in the Secure Copy Content Protection and Content Locking plugin for WordPress, present in all versions through 4.9.2, allows for unauthorized access to sensitive user information. This issue arises because exported CSV files are stored in a publicly accessible directory with predictable filenames. Unauthenticated attackers can retrieve sensitive data such as emails, IP addresses, usernames, roles, and location information by directly accessing the exported CSV files.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data, including emails, IP addresses, usernames, roles, and location information.

Reproduction

The vulnerability can be reproduced by exporting results through the plugin's export feature. This action will generate a CSV file that is saved in a public directory. The exported file can then be accessed by anyone, without authentication, leading to exposure of sensitive user information.

Remediation

Users are advised to update the plugin to version 4.9.3 or later, where this vulnerability has been patched.
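The following audit is an added example, not code from the plugin or from this advisory: it walks a web-served directory, finds CSV files whose header row contains columns of the kinds listed above (emails, IP addresses, usernames, roles, location), and records whether each file is world-readable. The keyword list, function names and sample files are assumptions made for illustration; the plugin's actual export path and column names are not given here.

```python
import csv
import os
import stat
import tempfile

# Assumed keywords; the plugin's real column names are not given on the page.
SENSITIVE = ("email", "e-mail", "ip", "user", "role", "country", "city", "location")

def sensitive_columns(header):
    """Return header cells in which some word starts with a sensitive keyword."""
    return [c.strip() for c in header
            if any(w.startswith(SENSITIVE) for w in c.lower().replace("_", " ").split())]

def audit_exports(web_root):
    """Report CSV files under web_root whose header row exposes such columns."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if not name.lower().endswith(".csv"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, newline="", encoding="utf-8", errors="replace") as fh:
                    cols = sensitive_columns(next(csv.reader(fh), []))
                world = bool(os.stat(path).st_mode & stat.S_IROTH)
            except (OSError, csv.Error):
                continue  # unreadable or malformed file; skip it
            if cols:
                findings.append({"path": os.path.relpath(path, web_root),
                                 "columns": cols, "world_readable": world})
    return sorted(findings, key=lambda f: f["path"])

def build_sample(root):
    """Constructed sample tree: one export-like CSV and one harmless CSV."""
    os.makedirs(os.path.join(root, "exports"))
    leaky = os.path.join(root, "exports", "results.csv")
    with open(leaky, "w", newline="") as fh:
        csv.writer(fh).writerows([["User Email", "IP_Address", "Role", "Country"],
                                  ["alice@example.test", "192.0.2.10", "subscriber", "NL"]])
    os.chmod(leaky, 0o644)
    with open(os.path.join(root, "prices.csv"), "w", newline="") as fh:
        csv.writer(fh).writerows([["sku", "price"], ["A1", "9.99"]])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_exports(tmp))
```

The world_readable field reflects filesystem permissions only; whether the web server actually serves a flagged file depends on its configuration, so confirm each finding against the site's own access rules.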

Added: Dec 12, 2025, 12:19 PM
Updated: Dec 12, 2025, 3:53 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 8.6
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.