Missing Authorization Vulnerability in Ays Pro Secure Copy Content Protection Product
CVE-2026-25335

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Secure Copy Content Protection And Content Locking
Vendor: CVE Published:; 19 February 2026

What is CVE-2026-25335?

A security concern has been identified in Ays Pro Secure Copy Content Protection and Content Locking that allows exploiting misconfigured access control security levels. This missing authorization vulnerability enables unauthorized users to gain access to restricted content, thereby compromising the integrity of protected resources. The issue affects versions from n/a to 5.0.0, necessitating immediate attention to ensure proper access control configurations.

Affected Version(s)

Secure Copy Content Protection and Content Locking 0 <= 5.0.0

References

https://patchstack.com/database/Wordpress/Plugin/secure-c...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Feb 2, 2026

Credit

w41bu1 | Patchstack Bug Bounty Program

CVE-2026-25335 Data

JSON

WordPress

What is CVE-2026-25335?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit