| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2024-6690 | 27 Oct 202501:52 | – | circl | |
| WordPress plugin wccp-pro 安全漏洞 | 15 May 202500:00 | – | cnnvd | |
| CVE-2024-6690 | 15 May 202520:07 | – | cve | |
| CVE-2024-6690 WP Content Copy Protection & No Right Click (premium) < 15.3 - Open Redirect | 15 May 202520:07 | – | cvelist | |
| EUVD-2025-15275 | 3 Oct 202520:07 | – | euvd | |
| CVE-2024-6690 | 15 May 202520:15 | – | nvd | |
| CVE-2024-6690 | 15 May 202520:15 | – | osv | |
| WordPress WP Content Copy Protection & No Right Click (premium) plugin < 15.3 - Open Redirect vulnerability | 19 May 202501:43 | – | patchstack | |
| PT-2025-21488 | 15 May 202500:00 | – | ptsecurity | |
| CVE-2024-6690 | 17 May 202521:02 | – | redhatcve |
id: CVE-2024-6690
info:
name: WP Content Copy Protection & No Right Click - Open Redirect
author: 0x_Akoko
severity: medium
description: |
The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites.
impact: |
Attackers can redirect users to malicious external sites, facilitating phishing or malware distribution.
remediation: |
Update to version 15.3 or later.
reference:
- https://wpscan.com/vulnerability/09c6848d-30dc-4382-ae74-b470f586e142/
- https://nvd.nist.gov/vuln/detail/CVE-2024-6690
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2024-6690
cwe-id: CWE-601
epss-score: 0.00473
epss-percentile: 0.37546
cpe: cpe:2.3:a:wp-buy:wp_content_copy_protection_\&_no_right_click:*:*:*:*:pro:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: wp-buy
product: wp_content_copy_protection_\&_no_right_click
framework: wordpress
tags: cve,cve2024,wordpress,wp-plugin,redirect,wccp-pro,unauth,vkev
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wccp-pro/no-js.php?referrer=https://oast.pro"
matchers-condition: and
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$'
part: header
- type: status
status:
- 302
# digest: 4a0a004730450221009d02f5485a315e9198f4fa829be8e2a4da57e3a4cd018ec681bf9cbfb67e1c6f02205a2fc915b23acf7acd8032fc3c396bf467c541ef78abea4e445a0910f101e23a:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation