Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Content Copy Protection & Prevent Image Save by Unknown
CVE-2021-24333 (GCVE-0-2021-24333)
Vulnerability from cvelistv5 – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI
Title
Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Summary
The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/c722f8d0-f86b-41… | x_refsource_CONFIRM |
| https://m0ze.ru/exploit/csrf-prevent-content-copy… | x_refsource_MISC |
| https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5… | x_refsource_MISC |
| https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Content Copy Protection & Prevent Image Save |
Affected:
1.3 , ≤ 1.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Content Copy Protection \u0026 Prevent Image Save",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Content Copy Protection \u0026 Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:33:31.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Content Copy Protection \u0026 Prevent Image Save \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24333",
"STATE": "PUBLIC",
"TITLE": "Content Copy Protection \u0026 Prevent Image Save \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Copy Protection \u0026 Prevent Image Save",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Content Copy Protection \u0026 Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
},
{
"name": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html",
"refsource": "MISC",
"url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-79]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-79]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24333",
"datePublished": "2021-06-01T11:33:31.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24333 (GCVE-0-2021-24333)
Vulnerability from nvd – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
VLAI
Title
Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
Summary
The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/c722f8d0-f86b-41… | x_refsource_CONFIRM |
| https://m0ze.ru/exploit/csrf-prevent-content-copy… | x_refsource_MISC |
| https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5… | x_refsource_MISC |
| https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Content Copy Protection & Prevent Image Save |
Affected:
1.3 , ≤ 1.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Content Copy Protection \u0026 Prevent Image Save",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.3",
"status": "affected",
"version": "1.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "m0ze"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Content Copy Protection \u0026 Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-01T11:33:31.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Content Copy Protection \u0026 Prevent Image Save \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24333",
"STATE": "PUBLIC",
"TITLE": "Content Copy Protection \u0026 Prevent Image Save \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Content Copy Protection \u0026 Prevent Image Save",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.3",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "m0ze"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Content Copy Protection \u0026 Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
},
{
"name": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html",
"refsource": "MISC",
"url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
},
{
"name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-79]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt",
"refsource": "MISC",
"url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-79]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24333",
"datePublished": "2021-06-01T11:33:31.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:28:23.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}