Skip to main content

Secure Copy Content Protection And Content Locking EUVD-2026-36387

| CVE-2026-9269 LOW
2026-06-12 WPScan GHSA-fxh5-p8jw-9g3v
XSS WordPress Secure Copy Content Protection And Content Locking
3.5
CVSS 3.1 · Vendor: WPScan

Severity by source

Vendor (WPScan) PRIMARY
3.5 LOW
AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Primary rating from Vendor (WPScan) · only source for this CVE.

CVSS VectorVendor: WPScan

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch available
Jun 12, 2026 - 08:16 EUVD
CVE Published
Jun 12, 2026 - 06:00 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Analysis

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-36387 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy