From this webpage screenshot, the following key vulnerability information can be obtained:

1. Plugin Name: Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS
2. Description: The plugin does not sanitize or escape certain settings, allowing high-privileged users (such as administrators) to perform stored cross-site scripting attacks when the unfiltered_html capability is disabled.
3. Proof of Concept:
   - Step 1: Access
   - Step 2: Enter the payload in the "Custom CSS" text area.
   - Step 3: View the XSS on the frontend.
4. Affected Plugin: (fixed in version 4.1.7)
5. Reference: CVE-2024-6388
6. Classification:
   - Type: XSS
   - OWASP Top 10: A7: Cross-Site Scripting (XSS)
   - CWE: CWE-79
7. Additional Information:
   - Original Researcher: bob.matyas@automattic.com
   - Submitter: Bob Matyas
   - Submitter Website: https://www.bobmatyas.com
   - Submitter Twitter: bobmatyas
   - Verified: Yes
   - WPVDB ID: f4df74c2-4c95-4d1c-97c1-ebfc225f6b93
   - Published Date: 2024-08-13
   - Added Date: 2024-08-13
   - Last Updated: 2024-08-13
   - Other Vulnerabilities Listed:
     - JobSearch < 1.5.6 - Unauthenticated Reflected XSS
     - Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS
     - Goya < 1.0.8.8 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters
     - Quick Paypal Payments < 5.7.26 - Contributor+ Stored XSS
     - ReDi Restaurant Reservation < 24.0303 - Reflected Cross-Site Scripting
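
For the "Custom CSS" setting named in the proof of concept, the sketch below shows the two controls whose absence the description reports: validation when the value is saved and stripping when it is printed inside a `<style>` element. It is an added example, not the plugin's code or its 4.1.7 fix; the function names, the element id and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from the plugin.

/**
 * Validate a "Custom CSS" setting before it is stored.
 * Returns the trimmed CSS, or null when the value contains markup.
 */
function example_validate_custom_css(string $css): ?string
{
    // Anything shaped like an opening or closing tag is refused: a value that
    // is later printed inside <style> must not be able to close that element.
    if (preg_match('#</?\w+#', $css)) {
        return null;
    }
    return trim($css);
}

/**
 * Render stored CSS inside a <style> element.
 * Stripping again at output covers values stored before validation existed.
 */
function example_render_custom_css(string $stored): string
{
    // strip_tags() rather than an HTML-entity escaper, so that CSS child
    // combinators such as "ul > li" are left intact.
    $css = strip_tags($stored);
    return "<style id=\"example-custom-css\">\n" . $css . "\n</style>\n";
}

// Constructed sample values: one ordinary stylesheet, one that tries to
// close the <style> element and append markup after it.
$samples = [
    'clean'  => ".protected { user-select: none; }\nul > li { color: #333; }",
    'markup' => "body { color: red; }</style><b>injected markup</b><style>",
];

foreach ($samples as $label => $value) {
    $checked = example_validate_custom_css($value);
    printf("%-6s save: %s\n", $label, $checked === null ? 'rejected' : 'accepted');
    // Rendered even when rejected, to show the output-side control on its own.
    echo example_render_custom_css($value);
}
```

In a WordPress plugin the first function would run in the settings save handler and the second in the frontend hook that prints the stored value, regardless of whether the saving user holds `unfiltered_html`.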