Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Vulnrichment
Vulnrichmentadded 2026/02/06 8:25 a.m.4 views

CVE-2026-1499 WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action

The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the processaddsite AJAX action combined with path traversal in the file upload functionality. This...

8.8CVSS6.2AI score0.0094EPSS
Exploits0References8
CVE
CVEadded 2026/02/06 8:25 a.m.26 views

CVE-2026-1499

The CVE-2026-1499 issue affects the WP Duplicate (Local Sync) WordPress plugin, versions up to and including 1.1.8. The root cause is a missing capability check on the process_add_site AJAX action, combined with path traversal in the file upload flow, allowing an authenticated (subscriber-level) ...

8.8CVSS6.2AI score0.0094EPSS
Exploits0References8
Patchstack
Patchstackadded 2026/02/06 6:14 a.m.6 views

WordPress WP Duplicate plugin <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action vulnerability

Authenticated Subscriber+ Arbitrary File Upload via 'processaddsite' AJAX Action vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WP Duplicate versions = 1.1.8...

9.8CVSS5.3AI score0.0094EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder