WordPress WP-CopyProtect [Protect your blog posts] Plugin <= 3.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-25025

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP-CopyProtect [Protect your blog posts]
Vendor: CVE Published:; 4 October 2023

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP-CopyProtect plugin developed by Chetan Gole, affecting versions up to 3.1.0. This issue allows attackers to exploit the plugin by tricking authenticated users into submitting unwanted requests, potentially compromising the security of the affected WordPress sites.

Affected Version(s)

WP-CopyProtect [Protect your blog posts] <= 3.1.0

References

https://patchstack.com/database/vulnerability/wp-copyprot...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Feb 2, 2023

Credit

Mika (Patchstack Alliance)