CVE-2022-1900

8.8 HIGH

📋 TL;DR

The Copify WordPress plugin up to and including version 1.3.0 (fixed in 1.3.1) performs no CSRF check when its settings are updated. An attacker who lures a logged-in administrator to a page they control can have the browser submit a forged settings-update request with the administrator's session; because the stored values are neither sanitised nor escaped, the attacker can plant a script that runs in the browser of users who view the page where the setting is rendered (stored XSS). The attacker needs no account on the target site, but the attack only works against an administrator who is logged in and is tricked into loading the attacker's page.
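The bug class and its standard remedy, as an added example written for this page. This is not Copify's code: the option name `copify_example_api_key`, the nonce action `copify_save_settings`, the field name `copify_api_key` and the hook wiring are assumptions chosen to illustrate the pattern, not identifiers from the plugin.

```php
<?php
/*
 * Illustrative WordPress settings handler (added example, not Copify's code).
 * The option name, nonce action and field names below are assumptions.
 *
 * copify_save_settings_vulnerable() shows the class of bug behind
 * CVE-2022-1900: the POST is trusted purely because the admin's session
 * cookie rides along with it, and the value is stored and later echoed
 * unsanitised, so one forged cross-site form yields stored XSS.
 *
 * copify_save_settings_fixed() shows the usual WordPress remedy: capability
 * check, nonce check, sanitisation on input, escaping on output.
 */

// --- vulnerable: no nonce, no capability check, no sanitisation -----------
function copify_save_settings_vulnerable() {
    if ( isset( $_POST['copify_api_key'] ) ) {
        // Any cross-site form the browser submits with the admin's cookies
        // reaches this line; the value is stored verbatim.
        update_option( 'copify_example_api_key', $_POST['copify_api_key'] );
    }
}

function copify_render_settings_vulnerable() {
    $key = get_option( 'copify_example_api_key', '' );
    // Unescaped output: a stored '"><script>...' payload executes for every
    // administrator who opens the settings page.
    echo '<input type="text" name="copify_api_key" value="' . $key . '">';
}

// --- fixed: nonce + capability check + sanitisation + escaping ------------
function copify_save_settings_fixed() {
    if ( ! isset( $_POST['copify_api_key'] ) ) {
        return;
    }
    // Only users allowed to manage options may change settings at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.', 403 );
    }
    // Dies with a 403 unless the request carries a valid nonce bound to this
    // action and this user. A third-party page cannot read the nonce, so a
    // forged cross-site POST stops here.
    check_admin_referer( 'copify_save_settings', 'copify_settings_nonce' );

    $key = sanitize_text_field( wp_unslash( $_POST['copify_api_key'] ) );
    update_option( 'copify_example_api_key', $key );
}

function copify_render_settings_fixed() {
    $key = get_option( 'copify_example_api_key', '' );
    echo '<form method="post">';
    // Emits the hidden nonce (and referer) fields that check_admin_referer()
    // expects on the way back in.
    wp_nonce_field( 'copify_save_settings', 'copify_settings_nonce' );
    // Escaping on output closes the stored-XSS half of the issue.
    echo '<input type="text" name="copify_api_key" value="' . esc_attr( $key ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

// Assumed wiring for the example: run the handler on admin_init so it sees
// the POST before the settings page is rendered.
add_action( 'admin_init', 'copify_save_settings_fixed' );
```

The nonce is the part that defeats CSRF: it is tied to the action and the logged-in user and is only obtainable by loading the real settings page, which a cross-origin attacker page cannot do. Sanitisation and escaping are what remove the stored-XSS consequence once a bad value does get in.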

💻 Affected Systems

Products:
  • Copify WordPress Plugin
Versions: Up to and including 1.3.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Copify plugin enabled

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Site compromise through persistent XSS leading to credential theft, malware distribution, or complete site takeover

🟠 Likely Case: Malicious script injection leading to defacement, cookie theft, or redirects to phishing sites

🟢 If Mitigated: No impact if nonce validation is properly implemented or the plugin is updated

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires social engineering: a logged-in administrator must load an attacker-controlled page (or click a link to it) that auto-submits the forged settings request. The attacker needs no account on the target site, which is why the exploit counts as unauthenticated, but without an active admin session in the victim's browser the request does nothing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.1 or later

Vendor page (plugin listing; check its changelog for the 1.3.1 entry): https://wordpress.org/plugins/copify/

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Copify plugin
4. Click 'Update Now' if available
5. If no update available, deactivate and delete plugin

🔧 Temporary Workarounds

Temporary Deactivation (applies to: all installs)

Disable the Copify plugin until patched:

wp plugin deactivate copify

🧯 If You Can't Patch

  • Deploy a Content Security Policy that disallows inline scripts to limit what an injected payload can do; test it first, since much of wp-admin relies on inline scripts and a strict policy may break the dashboard
  • Add a web application firewall rule that blocks POSTs to the plugin's settings page when the Origin or Referer header is absent or not your own site's origin; generic "CSRF protection" rules do not help, because the forged request is otherwise a perfectly valid admin request
  • Browsers that default cookies to SameSite=Lax already withhold the admin session cookie on most cross-site POSTs, which narrows exploitation; do not rely on this alone, as it depends on the browser and on the request method the plugin accepts
  • Have administrators log out of wp-admin when not actively using it; a CSRF attack needs a live admin session in the victim's browser

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for Copify version ≤1.3.0

Check Version:

wp plugin get copify --field=version

Verify Fix Applied:

Verify Copify plugin version is ≥1.3.1 in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • POST requests to the Copify settings page (this page assumes /wp-admin/admin.php?page=copify; confirm the slug against the installed plugin) whose Referer header is missing or points to a different origin than your site
  • After updating to 1.3.1 or later, POSTs to that page answered with HTTP 403 (a failed nonce check in WordPress returns 403), which indicates someone still trying the forged request
  • Unexpected changes to Copify plugin settings, especially values containing HTML or script tags

Network Indicators:

  • Cross-origin POSTs to admin endpoints, i.e. requests whose Origin/Referer is an external site while the session cookie belongs to an administrator

SIEM Query:

Note that the nonce travels in the POST body and never appears in web-server access logs, so a query cannot test for its absence; test the Referer instead. Replace example.com with your site's hostname and adjust the field names to your log schema:

source="wordpress" method="POST" uri_path="/wp-admin/admin.php" uri_query="page=copify*" NOT referer="https://example.com/*"
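The same Referer-based detection logic as an added example that runs over constructed access-log lines; it is not part of this page or of the plugin. The hostname `example.com`, the page slug `page=copify` (taken from this page's own log indicator) and the sample log lines are all assumptions; adjust the first two to the real site and plugin.

```php
<?php
/*
 * Added example (not the plugin's code): scan Apache/Nginx "combined" access
 * log lines and flag POSTs to the Copify settings page whose Referer is
 * missing or belongs to another origin.
 *
 * The nonce lives in the POST body, which access logs never record, so a
 * log-based check can only use the request line and the logged headers.
 */

const SITE_HOST = 'example.com';   // assumption: the monitored site's hostname

// Combined log format: ip ident user [time] "request" status bytes "referer" "ua"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

function copify_parse_line( string $line ): ?array {
    if ( ! preg_match( LOG_RE, $line, $m ) ) {
        return null; // not a combined-format line; skip it
    }
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'target'  => $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
    ];
}

function copify_is_suspicious( array $req ): bool {
    if ( $req['method'] !== 'POST' ) {
        return false;
    }
    $parts = parse_url( $req['target'] );
    if ( ( $parts['path'] ?? '' ) !== '/wp-admin/admin.php' ) {
        return false;
    }
    parse_str( $parts['query'] ?? '', $q );
    if ( ( $q['page'] ?? '' ) !== 'copify' ) {   // assumed settings page slug
        return false;
    }
    // A legitimate save is submitted from the site's own admin page, so the
    // Referer host equals SITE_HOST. A forged request carries the attacker's
    // origin or, with a restrictive referrer policy, no Referer at all ("-").
    $ref_host = parse_url( $req['referer'], PHP_URL_HOST );
    return $ref_host === null || $ref_host === false
        || strcasecmp( $ref_host, SITE_HOST ) !== 0;
}

function copify_scan( array $lines ): array {
    $hits = [];
    foreach ( $lines as $line ) {
        $req = copify_parse_line( $line );
        if ( $req !== null && copify_is_suspicious( $req ) ) {
            $hits[] = $req;
        }
    }
    return $hits;
}

// Constructed sample lines (not real traffic): a normal save, a forged save
// from an attacker page, a forged save with the Referer stripped, and a GET.
$sample = [
    '198.51.100.7 - - [10/May/2022:10:01:02 +0000] "POST /wp-admin/admin.php?page=copify HTTP/1.1" 302 0 "https://example.com/wp-admin/admin.php?page=copify" "Mozilla/5.0"',
    '198.51.100.7 - - [10/May/2022:10:05:41 +0000] "POST /wp-admin/admin.php?page=copify HTTP/1.1" 302 0 "https://attacker.invalid/lure.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/May/2022:10:06:13 +0000] "POST /wp-admin/admin.php?page=copify HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/May/2022:10:07:00 +0000] "GET /wp-admin/admin.php?page=copify HTTP/1.1" 200 5120 "https://example.com/wp-admin/" "Mozilla/5.0"',
];

// Expected: the second and third lines are reported, the first and fourth are not.
foreach ( copify_scan( $sample ) as $hit ) {
    printf( "%s %s POST %s referer=%s\n", $hit['time'], $hit['ip'], $hit['target'], $hit['referer'] );
}
```

A missing Referer on its own is a weaker signal than a foreign one, since some privacy extensions strip the header on every request; treat it as a lead to correlate with the plugin's settings history rather than as proof of an attack.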
