Platform: wordpress
Component: secure-copy-content-protection
Fixed in: 4.9.3
CVE-2025-14159 describes a Cross-Site Request Forgery (XSRF) vulnerability affecting the Secure Copy Content Protection and Content Locking plugin for WordPress. This flaw allows unauthenticated attackers to export sensitive plugin data, potentially exposing user information. The vulnerability impacts versions from 0.0.0 through 4.9.2, and a fix is available in version 4.9.3.
The primary impact of CVE-2025-14159 is the unauthorized export of sensitive plugin data. An attacker can craft a malicious request that, if triggered by a site administrator, will export data stored within the plugin. This data includes email addresses, IP addresses, physical addresses, user IDs, and potentially other user-related information. The description indicates the exported data is stored in a publicly accessible location, significantly increasing the risk of exposure. This vulnerability could lead to privacy breaches, identity theft, and potential reputational damage for websites using the affected plugin.
CVE-2025-14159 was publicly disclosed on December 12, 2025. There is no indication of it being on the CISA KEV catalog at this time. The vulnerability's reliance on tricking a site administrator into performing an action suggests a lower probability of widespread exploitation compared to vulnerabilities that can be exploited without user interaction. Public proof-of-concept (POC) code is currently unknown, but the relatively straightforward nature of XSRF vulnerabilities suggests that a POC may emerge.
Websites utilizing the Secure Copy Content Protection and Content Locking plugin, particularly those with site administrators who are susceptible to social engineering attacks, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r 'ays_sccp_results_export_file' /var/www/html/wp-content/plugins/
• wordpress / composer / npm:
wp plugin list --status=inactive | grep secure-copy-content-protection
• wordpress / composer / npm:
wp plugin update --all
• generic web: Check WordPress plugin directory for updated version 4.9.3 or later.
• generic web: Review WordPress access logs for suspicious AJAX requests to 'ays_sccp_results_export_file'.
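One way to carry out the access-log review, as an added example that is not part of the original advisory or the plugin's code. It assumes combined-format logs, that the action name appears in the logged request line (POST bodies are not logged), WordPress's standard admin-ajax.php endpoint, and a placeholder site hostname blog.example; it marks export requests whose Referer is missing or from another host.

```python
import re
from urllib.parse import urlsplit, parse_qs

ACTION = "ays_sccp_results_export_file"  # action name taken from the advisory
SITE_HOST = "blog.example"               # assumption: the site's own hostname

# Apache/Nginx "combined" log format (assumed)
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def find_export_requests(lines, site_host=SITE_HOST):
    """Return one finding per logged request that names the export action."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        if ACTION not in parse_qs(url.query).get("action", []):
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        findings.append({
            "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "referer": m["referer"],
            # An export not started from the site's own pages fits the CSRF pattern
            "cross_site": ref_host != site_host,
        })
    return findings

# Constructed sample log lines (not real traffic)
SAMPLE = [
    '203.0.113.7 - - [12/Dec/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file HTTP/1.1" 200 5120 "https://blog.example/wp-admin/" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Dec/2025:10:07:40 +0000] "GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file HTTP/1.1" 200 5120 "https://other.example/page.html" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Dec/2025:10:09:11 +0000] "GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Dec/2025:10:10:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "https://blog.example/wp-admin/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_export_requests(SAMPLE):
        print(f["time"], f["ip"], f["status"], "cross_site" if f["cross_site"] else "same_site", f["referer"])
```

A missing Referer is not proof of forgery, since some browsers and privacy settings strip it, so treat flagged entries as leads to correlate with administrator activity at the same time.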
EPSS: 0.02% (4th percentile)
The primary mitigation for CVE-2025-14159 is to immediately upgrade the Secure Copy Content Protection and Content Locking plugin to version 4.9.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin's export functionality. While not a complete solution, this reduces the attack surface. Implement strict user access controls and educate administrators about the risks of clicking on suspicious links. Monitor WordPress access logs for unusual AJAX requests targeting the 'ays_sccp_results_export_file' action. After upgrading, confirm the vulnerability is resolved by attempting an export action with a non-administrator user and verifying that it is denied.
Update to version 4.9.3 or a newer patched version.
CVE-2025-14159 is a Cross-Site Request Forgery (XSRF) vulnerability in the Secure Copy Content Protection WordPress plugin, allowing attackers to export sensitive data.
You are affected if you are using the Secure Copy Content Protection plugin in versions 0.0.0 through 4.9.2.
Upgrade the plugin to version 4.9.3 or later to resolve the vulnerability. Temporarily disable export functionality if upgrading is not immediately possible.
There is currently no confirmed evidence of active exploitation, but the vulnerability's nature suggests potential for future attacks.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.