CVE-2024-6693

WP Content Copy Protection & No Right Click (premium) <= 15.0 - Admin+ Stored XSS

Description

The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

INFO

Published Date :

2025-05-15T20:07:08.961Z

Last Modified :

2025-05-20T19:23:57.320Z

Source :

WPScan

AFFECTED PRODUCTS

The following products are affected by CVE-2024-6693 vulnerability.

Vendors	Products
Wp-buy	Wp Content Copy Protection \& No Right Click

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6693.

URL	Resource
https://wpscan.com/vulnerability/2b1af7eb-452a-43f4-aae9-edd8e7312fe8/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact