77 matches found
CVE-2025-14074 PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
CVE-2025-14074
CVE-2025-14074 concerns the WordPress plugin PDF for Contact Form 7 + Drag and Drop Template Builder. Public sources confirm a vulnerability where an authenticated user (Subscriber or higher) can trigger unauthorized post duplication due to a missing capability check in the rednumber_duplicate fu...
EUVD-2025-203072
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions = 6.3.3...
PT-2025-50912
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
WordPress plugin atec Duplicate Page & Post has an unspecified vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...
CVE-2025-13404
CVE-2025-13404 concerns the WordPress plugin “atec Duplicate Page & Post” (versions up to and including 1.2.20). The root cause is missing authorization validation in the duplicate_post() function, allowing authenticated users with Contributor-level access or higher to duplicate arbitrary posts, ...
CVE-2025-13404 atec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure
The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...
WordPress plugin atec Duplicate Page & Post 安全漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...
WordPress atec Duplicate Page & Post plugin <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Post Duplication and Data Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin atec Duplicate Page & Post versions = 1.2.20...
EUVD-2018-1903
Malware in sbrugna...
EUVD-2022-49954
Malicious code in bioql PyPI...
EUVD-2024-48952
Malicious code in bioql PyPI...
CVE-2024-7836
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...
CVE-2024-4199
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...
CVE-2024-8123
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
CVE-2022-47179
Cross-Site Request Forgery CSRF vulnerability in Uwe Jacobs OWM Weather plugin = 5.6.11 leads to post duplication as a draft...
CVE-2025-0661
The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with...
CVE-2025-0661
CVE-2025-0661: DethemeKit For Elementor (WordPress) has information exposure due to insufficient restrictions in duplicate_post() handled by authenticated users (Contributor+). Affects all versions up to 2.36; attackers could duplicate posts (password-protected, private, draft, or scheduled) to e...
CVE-2024-12472
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphrduplicatepost function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-lev...