CVE Catalog

CVE-2026-9269

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

The Secure Copy Content Protection and Content Locking WordPress plugin before version 5.1.5 does not sanitize and escape some of its settings, which could allow high privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Risk Assessment

The organization may be exposed to XSS attacks that could lead to data theft or account takeover, jeopardizing system security.

Recommendation

It is recommended to update the plugin to version 5.1.5 or later to mitigate this vulnerability and conduct a security audit to identify potential threats.

Original NVD description (English source)

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS