CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

103 matches found

Patchstack•added 2026/05/27 2:47 p.m.•7 views

WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by timomangcut in WordPress Plugin Duplicate Page and Post versions = 2.9.5...

8.5CVSS5.9AI score0.00033EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/03/26 3:10 p.m.•1 views

CVE-2026-1217

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.8AI score0.00037EPSS

Exploits0References1

EUVD•added 2026/03/18 12:31 p.m.•3 views

EUVD-2026-12800

5.4CVSS5.7AI score0.00037EPSS

Exploits0References4

Github Security Blog•added 2026/03/18 12:31 p.m.•4 views

Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

5.4CVSS5.7AI score0.00037EPSS

Exploits0References5Affected Software1

OSV•added 2026/03/18 12:31 p.m.•1 views

GHSA-G9W4-M5FX-X3WV Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

5.4CVSS5.7AI score0.00037EPSS

Exploits0References5

Snyk•added 2026/03/18 12:31 p.m.•2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing capability checks in the clonebulkactionhandler and republishrequest functions. An attacker can duplicate or overwrite posts, including those they should not have access to, by sending crafted reques...

5.4CVSS5.8AI score0.00037EPSS

Exploits0References2

NVD•added 2026/03/18 10:16 a.m.•2 views

CVE-2026-1217

5.4CVSS0.00037EPSS

Exploits0References3

Vulnrichment•added 2026/03/18 9:28 a.m.•0 views

CVE-2026-1217 Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

5.4CVSS5.7AI score0.00037EPSS

Exploits0References3

ATTACKERKB•added 2026/03/18 9:28 a.m.•1 views

CVE-2026-1217

5.4CVSS5.7AI score0.00037EPSS

Exploits0References4

CVE•added 2026/03/18 9:28 a.m.•3 views

CVE-2026-1217

The CVE-2026-1217 issue affects the WordPress plugin Yoast Duplicate Post, where a missing capability check in clone_bulk_action_handler() and republish_request() enables authenticated attackers (Contributor level and above) to duplicate any post, including private/draft/trashed posts. Additional...

5.4CVSS5.7AI score0.00037EPSS

Exploits0References3

Cvelist•added 2026/03/18 9:28 a.m.•25 views

CVE-2026-1217 Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

5.4CVSS0.00037EPSS

Exploits0References3

Patchstack•added 2026/03/18 2:29 a.m.•4 views

WordPress Yoast Duplicate Post plugin <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability

Authenticated Contributor+ Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability discovered by johska in WordPress Plugin Duplicate Post versions = 4.5...

5.4CVSS5.8AI score0.00037EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/03/18 12:0 a.m.•3 views

WordPress plugin Yoast Duplicate Post 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.8AI score0.00037EPSS

Exploits0References3

Positive Technologies•added 2026/03/18 12:0 a.m.•2 views

PT-2026-26040

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clone bulk action handler and republish request functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

5.4CVSS5.7AI score0.00037EPSS

Exploits0References7

NVD•added 2026/02/25 10:16 a.m.•4 views

CVE-2026-2301

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

4.3CVSS0.0004EPSS

Exploits0References4

Cvelist•added 2026/02/25 9:26 a.m.•24 views

CVE-2026-2301 Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter

4.3CVSS0.0004EPSS

Exploits0References4

ATTACKERKB•added 2026/02/25 9:26 a.m.•4 views

CVE-2026-2301

4.3CVSS5.5AI score0.0004EPSS

Exploits0References5

Patchstack•added 2026/02/11 11:49 p.m.•6 views

WordPress Duplicate Post plugin <= 3.2.3 - Stored Cross-Site Scripting vulnerability

Stored Cross-Site Scripting vulnerability discovered by Unk9vvN in WordPress Plugin Duplicate Post versions = 3.2.3...

5.5CVSS5.4AI score0.00042EPSS

Exploits0References1Affected Software1

NVD•added 2026/02/11 3:16 p.m.•5 views

CVE-2019-25314

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces...

5.5CVSS0.00042EPSS

Exploits0References5

Vulnrichment•added 2026/02/11 2:56 p.m.•3 views

CVE-2019-25314 Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting

5.5CVSS5.5AI score0.00042EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by