123 matches found
CVE-2019-25314
Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...
CVE-2019-25314
The CVE describes a persistent cross-site scripting (XSS) flaw in the Duplicate-Post WordPress Plugin version 3.2.3, affecting plugin settings parameters. An attacker can inject JavaScript into fields such as title prefix, suffix, menu order, and blacklist, causing code execution in admin interfa...
CVE-2019-25314 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...
WordPress plugin Yoast Duplicate 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-7608
Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...
CVE-2022-35501
Stored Cross-site Scripting XSS exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...
CVE-2023-4792
The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...
CVE-2025-13404
The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...
EUVD-2025-199572
The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-13404 atec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure
The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...
PT-2025-48012
The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicate post function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-11454
The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...
EUVD-2025-124905
The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...
PT-2025-46647
Name of the Vulnerable Software and Affected Versions The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress versions through 0.5.5 Description The plugin is susceptible to SQL Injection due to insufficient escaping of user-supplied parameters and...
EUVD-2014-1149
Malware in sbrugna...
EUVD-2014-1150
Malware in sbrugna...
EUVD-2023-54636
Malicious code in bioql PyPI...
EUVD-2023-40475
Malicious code in bioql PyPI...
WordPress Duplicate Page and Post plugin <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter vulnerability
Authenticated Contributor+ SQL Injection via metakey Parameter vulnerability discovered by ISMAILSHADOW in WordPress Plugin Duplicate Page and Post versions = 2.9.5...
CVE-2024-12031
The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floatingcontentduplicatepost' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...