CVE-2026-49046

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

CVE-2026-49046

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

EUVD-2026-32539

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

WordPress plugin Duplicate Page and Post SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin atec Duplicate Page & Post has an unspecified vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...

CVE-2025-13404

The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-6189

The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVE-2025-6189

CVE-2025-6189 affects the WordPress plugin “Duplicate Page and Post” (versions up to 2.9.5). The issue is a time-based SQL Injection via the meta_key parameter caused by insufficient escaping and improper SQL query preparation. Exploitation requires authenticated access at Contributor level or hi...

CVE-2025-6189 Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter

The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVE-2025-6189 Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter

The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVE-2022-2152

The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-2152

The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Duplicate Post Suffix" or "Duplicate Link Text" settings: "alert/XSS/...