Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for Content Copy Protection & Prevent Image Save by Unknown

    CVE-2021-24333 (GCVE-0-2021-24333)

    Vulnerability from cvelistv5 – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
    VLAI
    Title
    Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
    Summary
    The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    m0ze
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:23.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Content Copy Protection \u0026 Prevent Image Save",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.3",
                  "status": "affected",
                  "version": "1.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "m0ze"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Content Copy Protection \u0026 Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-01T11:33:31.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Content Copy Protection \u0026 Prevent Image Save \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24333",
              "STATE": "PUBLIC",
              "TITLE": "Content Copy Protection \u0026 Prevent Image Save \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Content Copy Protection \u0026 Prevent Image Save",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.3",
                                "version_value": "1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "m0ze"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Content Copy Protection \u0026 Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
                },
                {
                  "name": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
                },
                {
                  "name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
                },
                {
                  "name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-79]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-79]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24333",
        "datePublished": "2021-06-01T11:33:31.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:23.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24333 (GCVE-0-2021-24333)

    Vulnerability from nvd – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
    VLAI
    Title
    Content Copy Protection & Prevent Image Save <= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)
    Summary
    The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    m0ze
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:23.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Content Copy Protection \u0026 Prevent Image Save",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.3",
                  "status": "affected",
                  "version": "1.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "m0ze"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Content Copy Protection \u0026 Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-01T11:33:31.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Content Copy Protection \u0026 Prevent Image Save \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24333",
              "STATE": "PUBLIC",
              "TITLE": "Content Copy Protection \u0026 Prevent Image Save \u003c= 1.3 - CSRF to Stored Cross-Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Content Copy Protection \u0026 Prevent Image Save",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.3",
                                "version_value": "1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "m0ze"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Content Copy Protection \u0026 Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/c722f8d0-f86b-41c2-9f1f-48e475e22864"
                },
                {
                  "name": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/exploit/csrf-prevent-content-copy-image-save-v1.3.html"
                },
                {
                  "name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
                },
                {
                  "name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-79]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-79]-Content-Copy-Protection-Prevent-Image-Save-WordPress-Plugin-v1.3.txt"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24333",
        "datePublished": "2021-06-01T11:33:31.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:23.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }