42 matches found
EUVD-2026-41249
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...
CVE-2026-10089 Insert Pages <= 3.11.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Field Keys (Meta Key Names)
The Insert Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post custom field keys meta key names in all versions up to, and including, 3.11.4. This is due to insufficient output escaping in the themeta function: while the custom field VALUE is sanitized with wpksespost...
CVE-2026-7761
The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...
CVE-2026-2893
The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...
EUVD-2026-9811
The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...
CVE-2026-2893
The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...
CVE-2026-2893
The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...
CVE-2026-2893 Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter
The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...
CVE-2026-2893
CVE-2026-2893 : The Page and Post Clone plugin for WordPress is vulnerable to a SQL Injection via the meta_key parameter in the content_clone() function in all versions up to and including 6.3. The issue stems from insufficient escaping of the user-supplied meta_key value and inadequate preparati...
CVE-2026-2893 Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter
The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'metakey' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied metakey value and insufficient preparation on the existing SQL...
PT-2026-23415
The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta key' parameter in the content clone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied meta key value and insufficient preparation on the existing S...
WordPress plugin Page and Post Clone SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2020-20530
Malware in sbrugna...
EUVD-2025-27568
Malicious code in bioql PyPI...
CVE-2025-6189
The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
WordPress Duplicate Page and Post plugin SQL Injection Vulnerability
WordPress Duplicate Page and Post plugin is a plugin for quickly duplicating pages or posts, supporting one-click cloning of existing content and saving it to draft, private or public status, for users who need to batch process website content. WordPress Duplicate Page and Post plugin suffers fro...
CVE-2025-6189
The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-6189 Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter
The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
CVE-2025-6189
CVE-2025-6189 affects the WordPress plugin “Duplicate Page and Post” (versions up to 2.9.5). The issue is a time-based SQL Injection via the meta_key parameter caused by insufficient escaping and improper SQL query preparation. Exploitation requires authenticated access at Contributor level or hi...
CVE-2025-6189 Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter
The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘metakey’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...