3 matches found
CVE-2021-25075
creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-25075.yaml...
CVE-2021-25075
CVE-2021-25075 documents a stored cross-site scripting vulnerability in the WordPress plugin Duplicate Page or Post before version 1.5.1. The flaw stems from missing authorization checks and a flawed CSRF validation in the AJAX action wpdevart_duplicate_post_parametrs_save_in_db, allowing any aut...
CVE-2021-25075 Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevartduplicatepostparametrssaveindb AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack...