CVE-2025-1404
Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to retrieve a list of registered user emails.
| CWE | CWE-862 |
| Vendor | ays-pro |
| Product | secure copy content protection and content locking |
| Published | Mar 1, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for ays-pro secure copy content protection and content locking
Be the first to know when new medium vulnerabilities affecting ays-pro secure copy content protection and content locking are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
ays-pro / Secure Copy Content Protection and Content Locking
0 โค 4.4.7
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/7363b5de-db30-4b35-b701-5c8f2835ec6c?source=cve wordpress.org: https://wordpress.org/plugins/secure-copy-content-protection/#developers plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.4.6/admin/class-secure-copy-content-protection-admin.php#L943 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.4.6/admin/js/secure-copy-content-protection-admin.js plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3246301
Credits
Krzysztof Zajฤ
c