WordPress plugin WP Duplicate Page 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress WP Duplicate Page plugin <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Duplicate Page versions = 1.7...

EUVD-2021-11987

Malware in sbrugna...

CVE-2025-6189

The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVE-2022-2093

The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2021-25075

The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack...

WordPress WP Duplicate Page plugin <= 1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Sachin Bahl eSec Forte Technologies Pvt Ltd in WordPress WP Duplicate Page plugin versions = 1.2. Solution Update the WordPress WP Duplicate Page plugin to the latest available version at least 1.3...

CVE-2021-25075

The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack...

CVE-2021-24681

The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress 插件 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Duplicate Page plugin 4.4.2 and earlier versions, whi...

PT-2021-16191

Name of the Vulnerable Software and Affected Versions Duplicate Page WordPress plugin versions 4.4.2 and earlier Description The issue allows high privilege users to perform Stored Cross-Site Scripting attacks due to the lack of sanitization or escaping of the Duplicate Post Suffix settings befor...

Duplicate Page Plugin for WordPress < 3.4 SQL Injection

The WordPress Duplicate Page Plugin installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input passed via the 'post' parameter for dtduplicatepostasdraft 'action' parameter. A remote attacker can exploit this issue to manipulate S...