CVE-2024-5997

The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicateuser and duplicatepost functions in all versions up to, and including, 0.6. This makes it possible for authenticate...

CVE-2024-5997

CVE-2024-5997 affects the WordPress plugin Duplica (versions

WordPress Duplica plugin <= 0.6 - Authenticated (Subscriber+) Missing Authorization to Users/Posts Duplicates Creation vulnerability

Authenticated Subscriber+ Missing Authorization to Users/Posts Duplicates Creation vulnerability discovered by Lucio Sá in WordPress Plugin Duplica versions = 0.6...

PT-2024-37302

Name of the Vulnerable Software and Affected Versions: The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress versions up to, and including, 0.6 Description: The issue allows authenticated attackers with Subscriber-level access and above to create duplicates of users and...

WordPress Duplica Plugin <= 0.6 is vulnerable to Broken Access Control

Software Duplica Type Plugin Vulnerable versions = 0.6 Fixed in 0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5997 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d89afd960c6 Credits Lucio Sá Required privilege Subscriber...