WordPress CopyRightPro Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)
No known patch is available for this vulnerability.
The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.
Description
Cross-Site Request Forgery (CSRF) vulnerability in CopyRightPro plugin up to version 2.1 allows attackers to perform unauthorized actions on behalf of authenticated users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-Site Request Forgery (CSRF) vulnerability in CopyRightPro plugin up to version 2.1 allows attackers to perform unauthorized actions on behalf of authenticated users.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the CopyRightPro plugin for WordPress versions up to and including 2.1. The plugin does not properly verify nonces or implement CSRF tokens, allowing attackers to forge requests that appear legitimate from an authenticated user.
Exploitation
An attacker can craft a malicious link or page and trick an authenticated administrator into clicking it while they are logged into WordPress. No special network position or authentication is required for the attacker; only user interaction from an admin is needed.
Impact
Successful exploitation allows an attacker to perform unauthorized actions on behalf of the admin, such as modifying plugin settings, updating content, or carrying out other administrative functions. This can lead to data integrity compromise and potential further attacks.
Mitigation
The CopyRightPro plugin has been closed and removed from the WordPress.org plugin directory as of September 12, 2023 due to a security issue [1]. No patched version is available. Users who have the plugin installed should immediately delete and uninstall it from their WordPress installations.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=2.1+ 1 more
- (no CPE)range: <=2.1
- (no CPE)range: n/a
Patches
0copyrightproThis plugin has been removed from the WordPress.org directory on 2023-09-12 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.
Source: api.wordpress.org · directory page
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.