WordPress Duplicate Page plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Duplicate Page plugin 4.4.2 and earlier versions have a cross-site scripting vulnerability that stems from the plugin’s failure to clean up or escape Duplication Post Suffix settings before output. An attacker could use this vulnerability to execute JavaScript code on the client side.