Plataforma
wordpress
Componente
copyscape-premium
Corrigido em
1.4.2
CVE-2026-24966 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Copyscape Premium. This flaw allows an attacker to trick authenticated users into unknowingly performing actions they did not intend, potentially leading to unauthorized modifications or deletions within the Copyscape Premium plugin. The vulnerability impacts versions from 0.0.0 up to and including 1.4.1, and a fix is available in version 1.4.2.
A successful CSRF attack against Copyscape Premium could allow an attacker to manipulate user settings, potentially altering plagiarism detection configurations or even deleting user accounts. The attacker would need to craft a malicious request and entice a legitimate user to click a link or visit a webpage containing the crafted request. Given Copyscape Premium's role in content originality checks, unauthorized modifications could have significant implications for website owners and content creators relying on the plugin's functionality. While the direct impact might be limited to the plugin's features, a compromised Copyscape Premium installation could be a stepping stone for further attacks if other vulnerabilities exist within the WordPress environment.
CVE-2026-24966 was publicly disclosed on 2026-02-03. No public proof-of-concept (POC) code has been released at the time of writing. The vulnerability's EPSS score is likely low to medium, given the reliance on social engineering to execute the attack. It is not currently listed on the CISA KEV catalog.
Websites utilizing Copyscape Premium plugin versions 0.0.0 through 1.4.1 are at risk. This includes WordPress sites heavily reliant on plagiarism detection for content management and those with shared hosting environments where plugin updates may be delayed or managed by the hosting provider.
• wordpress / composer / npm:
grep -r 'copyscape_premium_settings_url' /var/www/html/wp-content/plugins/• generic web:
curl -I https://example.com/copyscape_premium_settings_url | grep -i 'csrf-token'disclosure
Status do Exploit
EPSS
0.02% (percentil 4%)
CISA SSVC
Vetor CVSS
The primary mitigation for CVE-2026-24966 is to immediately upgrade Copyscape Premium to version 1.4.2 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing stricter Content Security Policy (CSP) headers to restrict the sources from which scripts can be executed. Additionally, employing a Web Application Firewall (WAF) with CSRF protection rules can help block malicious requests. Regularly review Copyscape Premium’s configuration and user permissions to minimize potential damage from a successful attack. After upgrading, verify the fix by attempting a CSRF attack using a known payload and confirming that the request is blocked or ignored.
Atualize para a versão 1.4.2, ou uma versão corrigida mais recente
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2026-24966 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Copyscape Premium versions 0.0.0–1.4.1, allowing attackers to perform unauthorized actions.
You are affected if you are using Copyscape Premium version 0.0.0 through 1.4.1. Upgrade to 1.4.2 or later to mitigate the risk.
Upgrade Copyscape Premium to version 1.4.2 or later. Consider implementing CSP headers and a WAF as additional security measures.
There is no confirmed active exploitation of CVE-2026-24966 at this time, but it's crucial to apply the patch proactively.
Refer to the Copyscape Premium website or their official security advisory page for the latest information and updates regarding CVE-2026-24966.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.