CVE-2022-23983 WordPress WP Content Copy Protection & No Right Click plugin <= 3.4.4 - Cross-Site Request Forgery (CSRF) leads to Settings Update vulnerability

2022-02-1600:00:00

CWE-352

Patchstack

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).

CNA Affected

[
  {
    "product": "WP Content Copy Protection & No Right Click (WordPress plugin)",
    "vendor": "WP-buy",
    "versions": [
      {
        "lessThanOrEqual": "3.4.4",
        "status": "affected",
        "version": "<= 3.4.4",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-4-4-cross-site-request-forgery-csrf-leads-to-settings-update-vulnerability

wordpress.org/plugins/wp-content-copy-protector/#developers