CVE-2025-14159
CSRF in Secure Copy Plugin Allows Sensitive Data Export
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | secure_copy_content_protection | 4.9.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a Cross-Site Request Forgery (CSRF) attack exploiting the 'ays_sccp_results_export_file' AJAX action in the Secure Copy Content Protection WordPress plugin versions up to 4.9.2. Detection can focus on monitoring for unauthorized or suspicious POST requests to the AJAX endpoint related to 'ays_sccp_results_export_file'. You can check your web server logs for POST requests targeting admin-ajax.php with the action parameter set to 'ays_sccp_results_export_file'. For example, using grep on Apache or Nginx logs: grep 'action=ays_sccp_results_export_file' /var/log/apache2/access.log. Additionally, monitoring for unexpected file exports or new publicly accessible files containing sensitive data may indicate exploitation. Since the vulnerability requires tricking an admin into clicking a link, monitoring admin user activity and unusual export file downloads can also help detect exploitation attempts. No specific commands are provided in the resources, but log inspection as described is a practical approach.
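As an added example that is not part of the original advisory, the log check above can be made more useful than a bare grep by also looking at the Referer of each export request: a forged request will normally arrive with no Referer or one pointing at a page outside the site. The code assumes the Apache/Nginx "combined" log format and uses constructed sample lines, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/Nginx "combined" log format; the Referer field is what separates a
# same-site export from one triggered from elsewhere (the CSRF case).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
EXPORT_ACTION = "ays_sccp_results_export_file"  # AJAX action named in the advisory


def suspicious_export_requests(lines, site_host):
    """Return (ip, timestamp, referer, reason) for admin-ajax.php requests that invoke
    the export action without a same-site Referer (missing or foreign host)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if "admin-ajax.php" not in path:
            continue
        # POST bodies are not logged, so only query-string actions are visible here.
        action = parse_qs(urlsplit(path).query).get("action", [""])[0]
        if action != EXPORT_ACTION:
            continue
        referer = m.group("referer")
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        if ref_host is None:
            hits.append((m.group("ip"), m.group("ts"), referer, "no Referer"))
        elif ref_host.lower() != site_host.lower():
            hits.append((m.group("ip"), m.group("ts"), referer, "foreign Referer"))
    return hits


# Constructed sample lines (not real traffic): a legitimate export from wp-admin,
# one with no Referer, one referred from an external page, and an unrelated action.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Dec/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file HTTP/1.1" 200 512 "https://shop.example/wp-admin/admin.php?page=sccp" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Dec/2025:10:05:44 +0000] "POST /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Dec/2025:10:07:10 +0000] "POST /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file HTTP/1.1" 200 512 "http://external.example/page.html" "Mozilla/5.0"',
    '10.0.0.5 - - [12/Dec/2025:10:09:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "https://shop.example/wp-admin/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_export_requests(SAMPLE_LOG, "shop.example"):
        print(*hit)
```

A missing Referer can also come from browser privacy settings, so treat these hits as leads to correlate with admin activity and export file downloads rather than as proof of exploitation.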
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Secure Copy Content Protection and Content Locking plugin for WordPress, affecting all versions up to 4.9.2. It occurs because the plugin lacks nonce validation on a specific AJAX action ('ays_sccp_results_export_file'), allowing unauthenticated attackers to trick a site administrator into exporting sensitive plugin data by making them perform an action like clicking a malicious link.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized export of sensitive user data such as email addresses, IP addresses, physical addresses, and user IDs. Since the exported data is stored in a publicly accessible file, attackers can access this information without authentication, potentially leading to privacy breaches and misuse of personal data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Secure Copy Content Protection and Content Locking plugin for WordPress to a version later than 4.9.2 where the nonce validation issue is fixed. Additionally, avoid clicking on suspicious links that could trigger forged requests, and restrict access to the plugin's export functionality to trusted users only.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated attackers to export sensitive user data such as email addresses, IP addresses, physical addresses, and user IDs by exploiting a Cross-Site Request Forgery flaw. This exposure of personal and sensitive information could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal data against unauthorized access and breaches. Therefore, organizations using affected versions of the plugin may face compliance risks due to potential unauthorized disclosure of protected user information.