Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-6690
CVE-2024-6690:
WordPress vulnerability analysis and mitigation
Overview
The wccp-pro WordPress plugin (WP Content Copy Protection & No Right Click premium) before version 15.3 contains an open-redirect vulnerability identified as CVE-2024-6690. The vulnerability was publicly disclosed on May 29, 2024, and was discovered by security researcher Esther Nambuya (WPScan).
Technical details
The vulnerability is classified as an open-redirect flaw that exists in the referrer parameter of the plugin. It has been assigned a CVSS score of 4.3 (medium severity) and is categorized under CWE-601. The vulnerability falls under the OWASP Top 10 category A1: Injection. A proof of concept exploit involves accessing the path '/wp-content/plugins/wccp-pro/no-js.php?referrer=' with an external URL (WPScan).
Impact
When exploited, this vulnerability allows malicious actors to redirect users to external sites, potentially leading to phishing attacks or directing users to malicious websites (Wiz).
Mitigation and workarounds
The vulnerability has been fixed in version 15.3 of the wccp-pro WordPress plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management