16 matches found
CVE-2026-39474 WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Post Duplicator = 3.0.10 versions...
CVE-2026-2301
The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...
CVE-2026-2301
The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...
CVE-2021-33852
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or th...
EUVD-2021-20526
Malware in sbrugna...
CVE-2025-24736 WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability
Missing Authorization vulnerability in metaphorcreations Post Duplicator post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through = 2.35...
CVE-2016-15027
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphrpostduplicatornotice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is...
Cross site scripting
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphrpostduplicatornotice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is...
CVE-2016-15027 meta4creations Post Duplicator Plugin notices.php mtphr_post_duplicator_notice cross site scripting
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphrpostduplicatornotice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is...
CVE-2016-15027
CVE-2016-15027 affects the WordPress meta4creations Post Duplicator Plugin (v2.18). The vulnerability is in the function mtphr_post_duplicator_notice within includes/notices.php, where manipulation of the argument post-duplicated enables cross-site scripting. It can be exploited remotely. The iss...
PT-2023-10346 · Meta4Creations · Meta4Creations Post Duplicator Plugin
Name of the Vulnerable Software and Affected Versions: meta4creations Post Duplicator Plugin version 2.18 Description: A vulnerability was found in the meta4creations Post Duplicator Plugin. It has been classified as problematic and affects the function mtphr post duplicator notice of the file...
CVE-2021-33852
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or th...
CVE-2021-33852
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or th...
Cross site scripting
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or th...
CVE-2021-33852
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or th...
CVE-2021-33852
CVE-2021-33852 concerns the WordPress Post Duplicator plugin (versions affected prior to 2.27). The issue is a stored XSS caused by insufficient sanitization of the Duplicate Title/Slug fields, allowing a crafted payload to execute JavaScript in a user’s browser when the Settings page or applicat...