Lucene search
+L

123 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/11 2:56 p.m.4 views

CVE-2019-25314

Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

6.4CVSS5.5AI score0.00207EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/11 2:56 p.m.21 views

CVE-2019-25314

The CVE describes a persistent cross-site scripting (XSS) flaw in the Duplicate-Post WordPress Plugin version 3.2.3, affecting plugin settings parameters. An attacker can inject JavaScript into fields such as title prefix, suffix, menu order, and blacklist, causing code execution in admin interfa...

5.5CVSS5.5AI score0.00207EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/11 2:56 p.m.27 views

CVE-2019-25314 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

5.5CVSS0.00207EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

WordPress plugin Yoast Duplicate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.5CVSS5.9AI score0.00207EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.16 views

PT-2026-7608

Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

6.4CVSS5.5AI score0.00207EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.16 views

CVE-2022-35501

Stored Cross-site Scripting XSS exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...

5.4CVSS6AI score0.00482EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.6 views

CVE-2023-4792

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...

4.3CVSS5AI score0.00406EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 8:15 a.m.25 views

CVE-2025-13404

The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...

5.3CVSS0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/25 7:28 a.m.4 views

EUVD-2025-199572

The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...

5.3CVSS5.2AI score0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.11 views

CVE-2025-13404 atec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure

The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...

5.3CVSS0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.9 views

PT-2025-48012

The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicate post function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...

5.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/11/13 11:7 a.m.4 views

CVE-2025-11454

The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6.5AI score0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/12 11:5 a.m.4 views

EUVD-2025-124905

The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...

6.5CVSS6AI score0.00312EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.5 views

PT-2025-46647

Name of the Vulnerable Software and Affected Versions The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress versions through 0.5.5 Description The plugin is susceptible to SQL Injection due to insufficient escaping of user-supplied parameters and...

6.5CVSS7AI score0.00312EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-1149

Malware in sbrugna...

6.1CVSS6.3AI score0.00913EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-1150

Malware in sbrugna...

9.8CVSS9.5AI score0.01795EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-54636

Malicious code in bioql PyPI...

4.3CVSS6.2AI score0.00406EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-40475

Malicious code in bioql PyPI...

5.4CVSS9.1AI score0.00549EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/09 11:16 p.m.9 views

WordPress Duplicate Page and Post plugin <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter vulnerability

Authenticated Contributor+ SQL Injection via metakey Parameter vulnerability discovered by ISMAILSHADOW in WordPress Plugin Duplicate Page and Post versions = 2.9.5...

6.5CVSS7.6AI score0.00278EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:19 a.m.5 views

CVE-2024-12031

The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floatingcontentduplicatepost' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

6.5CVSS6.6AI score0.00425EPSS
Exploits0References1
Rows per page
Query Builder