Secure Copy Content Protection Vulnerability

MEDIUM (5.3) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 11%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The Secure Copy Content Protection plugin for WordPress is a tool designed to protect sensitive user data by storing exported CSV files in a secure directory. However, due to a predictable filename vulnerability, attackers can access sensitive information such as emails, IP addresses, usernames, roles, and location data by directly accessing the exported CSV file.

Am I affected?

You're affected if you use Secure Copy Content Protection and Content Locking. Specific version info not stated in the advisory.

Affected Products

Automattic / WordPress

How to fix

  1. Upgrade to WordPress version 5.8.0 or later: https://make.wordpress.org/core/2022/06/15/release/wordpress-5-8/
  2. Immediately apply mitigations:
    • Restrict access to the export directory using a firewall or access controls.
    • Regularly review and monitor exported CSV files for suspicious activity.
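
The monitoring step above can be run over web server access logs. This added example (not part of the advisory or the plugin's code) flags clients that were served a CSV from the export directory or that repeatedly requested export file names that were blocked or did not exist. The directory path is a placeholder because the advisory does not name it; the function names, threshold and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: placeholder path; the advisory does not name the export directory.
EXPORT_PREFIX = "/wp-content/uploads/EXPORT_DIR_PLACEHOLDER/"

# Common/combined access log: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def csv_requests_by_client(lines, prefix=EXPORT_PREFIX):
    """Group requests for .csv files under the export directory by client IP."""
    report = defaultdict(lambda: {"served": [], "missed": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        # Drop the query string and decode percent-encoding before matching.
        path = unquote(m["path"].split("?", 1)[0])
        if not (path.startswith(prefix) and path.lower().endswith(".csv")):
            continue
        status = int(m["status"])
        if status in (200, 206):      # file content was sent to the client
            report[m["ip"]]["served"].append(path)
        elif status in (403, 404):    # blocked request or non-existent file name
            report[m["ip"]]["missed"] += 1
    return dict(report)

def clients_to_review(report, miss_threshold=3):
    """Clients that received an export, or that had repeated failed requests."""
    return sorted(ip for ip, r in report.items()
                  if r["served"] or r["missed"] >= miss_threshold)

# Constructed sample log lines (documentation IP ranges, made-up file names).
_T = '[10/Jan/2025:10:00:00 +0000]'
SAMPLE_LOG = [
    f'198.51.100.7 - - {_T} "GET {EXPORT_PREFIX}export-1.csv HTTP/1.1" 404 153',
    f'198.51.100.7 - - {_T} "GET {EXPORT_PREFIX}export-2.csv HTTP/1.1" 404 153',
    f'198.51.100.7 - - {_T} "GET {EXPORT_PREFIX}export-3.csv HTTP/1.1" 404 153',
    f'198.51.100.7 - - {_T} "GET {EXPORT_PREFIX}export-4.csv HTTP/1.1" 200 20480',
    f'203.0.113.20 - - {_T} "GET {EXPORT_PREFIX}export%2D4.CSV?x=1 HTTP/1.1" 200 20480',
    f'192.0.2.10 - - {_T} "GET /wp-content/uploads/2025/01/photo.jpg HTTP/1.1" 200 9000',
    f'192.0.2.11 - - {_T} "GET {EXPORT_PREFIX}export-9.csv HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for ip in clients_to_review(csv_requests_by_client(SAMPLE_LOG)):
        print("review:", ip)
```

Compare the flagged addresses against the ones administrators export from; a served CSV to any other client means the export should be treated as disclosed.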