The Content Copy Protection & Prevent Image Save WordPress plugin up to and including 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing malicious users to make a logged in administrator set arbitrary XSS payloads in them.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
content copy protection \\& prevent image save project content copy protection \\& prevent image save |