Cross-Site Request Forgery in Secure Copy Content Protection Plugin for WordPress
CVE-2025-14159

4.3MEDIUM

Key Information:

Vendor

WordPress
Status
Secure Copy Content Protection And Content Locking
Vendor
CVE Published:
12 December 2025

What is CVE-2025-14159?

The Secure Copy Content Protection plugin for WordPress is susceptible to Cross-Site Request Forgery due to insufficient nonce validation within the 'ays_sccp_results_export_file' AJAX action. This flaw allows unauthenticated attackers to export sensitive data such as email addresses, IP addresses, physical addresses, user IDs, and other private user details without needing authentication. By tricking an administrator into executing a crafted request, attackers can access and exploit sensitive information stored in a publicly accessible file, posing significant privacy risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Secure Copy Content Protection and Content Locking * <= 4.9.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://wordpress.org/plugins/secure-copy-content-protect...
https://plugins.trac.wordpress.org/browser/secure-copy-co...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Deadbee
JSON
.