CVE-2024-6690

6.1 MEDIUM

📋 TL;DR

The wccp-pro WordPress plugin before version 15.3 contains an open redirect vulnerability via the referrer parameter. This allows attackers to redirect users to malicious external sites, potentially leading to phishing attacks or malware distribution. WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • wccp-pro WordPress plugin
Versions: All versions before 15.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress sites with the wccp-pro plugin installed and activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users are redirected to phishing sites that steal credentials or install malware, leading to account compromise, data theft, or ransomware infection.

🟠 Likely Case

Attackers use the redirect for phishing campaigns, tricking users into entering credentials on fake login pages.

🟢 If Mitigated

Users notice the redirect and avoid interacting with malicious sites, limiting impact to potential reputation damage.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting a malicious URL with the referrer parameter pointing to an external site.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 15.3

Vendor Advisory: https://wpscan.com/vulnerability/09c6848d-30dc-4382-ae74-b470f586e142/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the wccp-pro plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 15.3 or later from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable wccp-pro plugin (platform: all)

Temporarily deactivate the vulnerable plugin until it is patched.

wp plugin deactivate wccp-pro

Web Application Firewall rule (platform: all)

Block requests whose referrer parameter carries an absolute URL pointing to an external domain.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to restrict redirects
  • Monitor web server logs for suspicious referrer parameter patterns

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins. If wccp-pro version is below 15.3, it's vulnerable.

Check Version:

wp plugin list --name=wccp-pro --field=version

Verify Fix Applied:

Confirm wccp-pro plugin version is 15.3 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with referrer parameter containing external domains
  • Multiple redirect responses (302/301) to unfamiliar domains

Network Indicators:

  • Unusual outbound redirects from WordPress site
  • Traffic to known malicious domains following site visits

SIEM Query:

SELECT * FROM web_logs WHERE url LIKE '%referrer=%' AND (url LIKE '%http://%' OR url LIKE '%https://%') AND NOT url LIKE '%yourdomain.com%'
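The SIEM query above matches on substrings only; the following added example (not code from the plugin, the advisory, or this entry) parses access-log lines and flags only those whose referrer parameter actually resolves to a host outside the site, including scheme-relative, userinfo and double-encoded forms. The log lines are constructed and `site.example` is an assumed site hostname.

```python
"""Flag requests whose `referrer` query parameter points off-site.
Added example for this CVE-2024-6690 entry, not plugin or advisory code.
Log lines below are constructed; `site.example` is an assumed site host."""
from __future__ import annotations
import re
from urllib.parse import parse_qs, unquote, urlsplit

SITE_HOSTS = {"site.example", "www.site.example"}  # assumed legitimate hosts
LOG_RE = re.compile(  # combined log format: client ... "METHOD path proto" status
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def referrer_target_host(request_path: str) -> str | None:
    """Host the `referrer` value points to; None if absent or relative."""
    values = parse_qs(urlsplit(request_path).query).get("referrer")
    if not values:
        return None
    # Decode once more: double-encoding is a common filter-evasion trick.
    target = unquote(values[0]).strip().replace("\\", "/")  # browsers treat \ as /
    parts = urlsplit(target)
    # A netloc means absolute or scheme-relative ("//host"): it leaves the site.
    # "user@host" and "site.example.evil" forms still yield the real host here.
    return parts.hostname if parts.netloc else None

def classify(line: str) -> dict | None:
    """Parse one access-log line; return a finding for off-site targets."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, path, status = m.group(1), m.group(2), int(m.group(3))
    host = referrer_target_host(path)
    if host is None or host in SITE_HOSTS:
        return None
    return {"client": client, "target_host": host, "status": status,
            "redirected": status in (301, 302, 303, 307, 308)}

def scan(lines: list[str]) -> list[dict]:
    return [f for f in map(classify, lines) if f]

# Constructed sample traffic (not real log data).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jul/2024:12:00:00 +0000] "GET /?referrer=%2Fwp-login.php HTTP/1.1" 302 0',
    '203.0.113.6 - - [10/Jul/2024:12:00:01 +0000] "GET /?referrer=https%3A%2F%2Fwww.site.example%2Fcart HTTP/1.1" 302 0',
    '198.51.100.9 - - [10/Jul/2024:12:00:02 +0000] "GET /?referrer=https%3A%2F%2Fphish.invalid%2Flogin HTTP/1.1" 302 0',
    '198.51.100.9 - - [10/Jul/2024:12:00:03 +0000] "GET /?referrer=%2F%2Fphish.invalid HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jul/2024:12:00:04 +0000] "GET /?referrer=https%3A%2F%2Fsite.example.phish.invalid%2F HTTP/1.1" 302 0',
    '198.51.100.9 - - [10/Jul/2024:12:00:05 +0000] "GET /?referrer=https%253A%252F%252Fphish.invalid HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `redirected` set to False (a 200 response) after the fix is applied indicates a probe that was not honoured, which is still worth correlating by client address.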
