id: CVE-2024-6690

info:
  name: WP Content Copy Protection & No Right Click - Open Redirect
  author: 0x_Akoko
  severity: medium
  description: |
    The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites.
  impact: |
    Attackers can redirect users to malicious external sites, facilitating phishing or malware distribution.
  remediation: |
    Update to version 15.3 or later.
  reference:
    - https://wpscan.com/vulnerability/09c6848d-30dc-4382-ae74-b470f586e142/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6690
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-6690
    cwe-id: CWE-601
    epss-score: 0.002
    epss-percentile: 0.42201
    cpe: cpe:2.3:a:wp-buy:wp_content_copy_protection_\&_no_right_click:*:*:*:*:pro:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: wp-buy
    product: wp_content_copy_protection_\&_no_right_click
    framework: wordpress
  tags: cve,cve2024,wordpress,wp-plugin,redirect,wccp-pro,unauth,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wccp-pro/no-js.php?referrer=https://oast.pro"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$'
        part: header

      - type: status
        status:
          - 302
# digest: 4b0a00483046022100b0f6a6edb06c312ef3eb874b06fdfc5e7effe58a94384f7c9585a167865f8131022100c52dda3991d78dbc3c762782125cf36b7a2daa0fc9421593bde9a758199a104a:922c64590222798bb761d5b6d8e72950