From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Plugin Name: Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS
2. Description: The plugin does not sanitize or escape certain settings, allowing high-privileged users (such as administrators) to perform stored cross-site scripting attacks when unfiltered HTML capabilities are disabled.
3. Proof of Concept:
   - Navigate to “Copy Protection”.
   - Go to the “Styles” tab.
   - Enter the payload in the “Custom class for tooltip container” field.
   - Save settings and trigger the XSS.
4. Affected Plugin: , fixed in version 4.1.7.
5. References:
   - CVE: Not assigned.
   - URL: https://research.cleantalk.org/cve-2024-6889/
6. Classification:
   - Type: XSS
   - OWASP Top 10: A7: Cross-Site Scripting (XSS)
   - CWE: CWE-79
7. Additional Information:
   - Original Researcher: Dmitrii Ignatyev
   - Submitter: Dmitrii Ignatyev
   - Submitter Website: https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/
   - Verified: Yes
   - WPVDB ID: 9651abd1-0f66-418e-85a7-2de0c5e91bed
   - Timeline:
     - Public Release: 2024-08-13 (approximately 22 days ago)
     - Added: 2024-08-13 (approximately 22 days ago)
     - Last Updated: 2024-08-13 (approximately 22 days ago)
   - Other Vulnerabilities:
     - WP Custom Fields Search < 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
     - Libsyn Publisher Hub <= 1.4.4 - Reflected XSS
     - Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting
     - Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS
     - Countdown and CountUp, WooCommerce Sales Timer <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

This information provides a detailed description of the plugin vulnerability and its resolution.
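
The description above comes down to a CSS-class setting that is stored and printed without sanitizing or escaping. The following is an added example of the defensive pattern for such a field in a WordPress plugin; it is not the plugin's code or its 4.1.7 fix, and the option key `example_tooltip_class`, the action `example_save_styles`, the POST field `tooltip_class` and both function names are hypothetical.

```php
<?php
/**
 * Added example (not the plugin's own code): sanitize a "custom CSS class"
 * setting when it is saved and escape it again when it is printed.
 * All names prefixed with "example_" are hypothetical.
 */

// Save handler: runs for the admin-post.php action "example_save_styles".
function example_save_tooltip_class() {
    // Only administrators may change the setting, and only with a valid nonce.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_save_styles' );

    $raw = isset( $_POST['tooltip_class'] ) ? wp_unslash( $_POST['tooltip_class'] ) : '';
    if ( ! is_string( $raw ) ) {
        $raw = ''; // an array-valued parameter is rejected outright
    }

    // The field may hold several space-separated classes. Sanitize each token:
    // sanitize_html_class() keeps only A-Z, a-z, 0-9, "_" and "-", so quotes,
    // angle brackets and "=" never reach the database.
    $tokens = preg_split( '/\s+/', $raw, -1, PREG_SPLIT_NO_EMPTY );
    $clean  = array_filter( array_map( 'sanitize_html_class', $tokens ) );

    update_option( 'example_tooltip_class', implode( ' ', $clean ) );
}
add_action( 'admin_post_example_save_styles', 'example_save_tooltip_class' );

// Output: escape for the attribute context even though the value was
// sanitized on save, because values stored by an older plugin version
// or written directly to the database never passed through the handler.
function example_render_tooltip() {
    $class = (string) get_option( 'example_tooltip_class', '' );
    printf( '<div class="example-tooltip %s"></div>', esc_attr( $class ) );
}
add_action( 'wp_footer', 'example_render_tooltip' );
```

Neither step depends on the `unfiltered_html` capability, so the setting stays safe on sites where that capability is withheld from administrators, which is the condition the description names.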