Secure Copy Content Protection and Content Locking, a WordPress plugin, prior to 2.8.2 is affected by an unauthenticated SQL injection via the sccp_id[] parameter. Remote attackers can exploit this vulnerability to dump usernames and password hashes from thewp_users table of the affected WordPress installation. These password hashes can then be cracked offline using tools such as Hashcat to obtain valid login credentials for the affected WordPress installation.
a16f33882a4042dbb5483766850b39941b6501b9b0173d5fdf5fb279b10a5e47
WordPress Secure Copy Content Protection and Content Locking plugin version 2.8.1 suffers from a remote SQL injection vulnerability.
cb1ff4a94966973a9f9745f4956453fdb970465f7f6d6d0343ce60a252705807