CVE-2024-6138

4.8 MEDIUM

📋 TL;DR

This stored cross-site scripting vulnerability in the Secure Copy Content Protection and Content Locking WordPress plugin allows a user with administrator privileges to save malicious scripts in the plugin settings; the scripts then execute in the browsers of other users who view the affected pages. It affects WordPress sites running vulnerable plugin versions, and is particularly relevant in multisite configurations where the unfiltered_html capability is restricted, since that restriction is what should normally prevent an administrator from storing script content.

💻 Affected Systems

Products:
  • Secure Copy Content Protection and Content Locking WordPress plugin
Versions: All versions before 4.0.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin-level access; particularly relevant for WordPress multisite installations where unfiltered_html capability is disabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator account compromise leads to site-wide XSS infection, credential theft from all users, and complete site takeover.

🟠

Likely Case

Malicious admin injects scripts that steal session cookies or redirect users to phishing sites, affecting all users viewing plugin-protected content.

🟢

If Mitigated

With proper admin account security and monitoring, impact is limited to targeted attacks requiring admin credentials.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.9

Vendor Advisory: https://wpscan.com/vulnerability/9ef2a8d8-39d5-45d3-95de-e7bac4b7382d/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Secure Copy Content Protection and Content Locking'.
4. Click 'Update Now' if available, or download version 4.0.9+ from the WordPress repository.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Disable vulnerable plugin (Platform: linux)

Temporarily deactivate the plugin until patched:

wp plugin deactivate secure-copy-content-protection

Restrict admin access (Platform: all)

Implement strict access controls and monitoring for admin accounts.

🧯 If You Can't Patch

  • Remove admin access from untrusted users and implement strict admin account monitoring
  • Install web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins → Installed Plugins

Check Version:

wp plugin get secure-copy-content-protection --field=version

Verify Fix Applied:

Confirm plugin version is 4.0.9 or higher in WordPress admin
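An added shell check (not part of this advisory) that compares an installed plugin version against the fixed release 4.0.9 field by field, so that a version such as 4.0.10 is correctly treated as fixed rather than being mis-sorted by a plain string comparison. The plugin slug and the wp-cli call are the ones used above; plain dotted numeric version strings are assumed.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an installed
# Secure Copy Content Protection version is below the fixed release.
# Assumes plain dotted numeric versions (e.g. 4.0.8) and, for the live
# check only, wp-cli on PATH.
FIXED_VERSION="4.0.9"
PLUGIN_SLUG="secure-copy-content-protection"

# version_lt A B : return 0 when A < B comparing each dotted field numerically.
# Missing trailing fields count as 0, so "4" equals "4.0.0".
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai:-0}";  bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1
}

# is_vulnerable VERSION : print "vulnerable" or "fixed"; exit 0 when vulnerable.
is_vulnerable() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "vulnerable"
        return 0
    fi
    echo "fixed"
    return 1
}

# check_installed : read the live version with wp-cli and report its status.
check_installed() {
    v="$(wp plugin get "$PLUGIN_SLUG" --field=version 2>/dev/null)" || {
        echo "plugin not installed or wp-cli unavailable"
        return 2
    }
    printf '%s %s\n' "$v" "$(is_vulnerable "$v")"
}
```

Run check_installed from the site's WordPress root; a non-zero exit from is_vulnerable means the installed version is at or above 4.0.9.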

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin activity modifying plugin settings
  • JavaScript injection in plugin configuration fields

Network Indicators:

  • Suspicious script tags in HTTP responses from plugin-protected pages

SIEM Query:

source="wordpress" AND (event="plugin_edit" OR event="settings_update") AND plugin="secure-copy-content-protection"

🔗 References