Lucene search
K

123 matches found

Check Point Advisories
Check Point Advisories
added 2021/12/15 12:0 a.m.9 views

WordPress Duplicate Post Plugin SQL Injection (CVE-2021-43408)

An SQL injection vulnerability exists in WordPress Duplicate Post Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

9CVSS4.9AI score0.09509EPSS
Exploits3
OSV
OSV
added 2021/11/19 4:15 p.m.5 views

CVE-2021-43408

The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...

8.8CVSS5.8AI score0.09509EPSS
Exploits3References2
NVD
NVD
added 2021/11/19 4:15 p.m.25 views

CVE-2021-43408

The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...

9CVSS0.09509EPSS
Exploits3References2
Prion
Prion
added 2021/11/19 4:15 p.m.22 views

Sql injection

The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...

9CVSS9.1AI score0.09509EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2021/11/19 3:41 p.m.30 views

CVE-2021-43408 Duplicate Post WordPress Plugin SQL Injection Vulnerability

The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...

6.5CVSS9.4AI score0.09509EPSS
Exploits3References2
CVE
CVE
added 2021/11/19 3:41 p.m.82 views

CVE-2021-43408

Summary (CVE-2021-43408) : The WordPress plugin “Duplicate Post” (versions up to 1.1.9) is vulnerable to SQL Injection via an authenticated user with plugin access. The root cause is improper sanitization/escaping of SQL statements when the cdp_action_handling AJAX action processes the id paramet...

9CVSS8.2AI score0.09509EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2021/11/19 12:0 a.m.7 views

WordPress 插件SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin. The WordPress plugin Duplicate Post version 1.1.9 suffers...

9CVSS8.2AI score0.09509EPSS
Exploits3References3
Patchstack
Patchstack
added 2021/10/25 12:0 a.m.238 views

WordPress Duplicate Post plugin <= 1.1.9 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by AppCheck in WordPress Duplicate Post plugin versions = 1.1.9. Solution Update the WordPress Duplicate Post plugin to the latest available version at least 1.2.0...

9CVSS2.9AI score0.09509EPSS
Exploits3References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/25 12:0 a.m.27 views

Duplicate Post < 1.2.0 - Authenticated SQL Injection

The plugin does not properly sanitise and escape the id parameter passed to the cdpactionhandling AJAX action, which could allow user having access to the plugin by default admins to perform SQL Injection attacks PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 229 Accept: /...

9CVSS1AI score0.09509EPSS
Exploits3References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/28 12:0 a.m.24 views

Duplicate Page < 4.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. The attempt to fix the issue in 4.4.2 is insufficient and...

4.8CVSS1.1AI score0.0087EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/04/25 12:0 a.m.9 views

Duplicate Page and Post < 2.5.7 & WP Post Page Clone < 1.1 - SQL Injections due to Duplicated Snippets

SQL Injections in the Duplicate Post, WP Post Page Clone, Duplicate Page and Post plugins, due to using the snippet piece of code. The issue in the duplicate-post was already added, at https://wpvulndb.com/vulnerabilities/9251...

0.2AI score
Exploits0References1Affected Software2
0day.today
0day.today
added 2019/09/26 12:0 a.m.30 views

WordPress Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting Exploit Author: Unk9vvN Vendor Homepage: https://duplicate-post.lopo.it/ Software Link: https://wordpress.org/plugins/duplicate-post/ Version: 3.2.3 Tested on: Kali Linux CV...

Exploits0
WPVulnDB
WPVulnDB
added 2019/09/26 12:0 a.m.14 views

Duplicate Post <= 3.2.3 - Authenticated Stored Cross-Site Scripting (XSS)

The Duplicate Post plugin was vulnerable to Authenticated Stored Cross-Site Scripting XSS. However, the POST request had a CSRF nonce that was verified, and no user's without the unfilteredhtml capability, such as Author or Subscriber, were able to access the affected Duplicate Post settings page...

1.2AI score
Exploits0References3Affected Software1
CNVD
CNVD
added 2019/08/23 12:0 a.m.4 views

WordPress duplicate-post plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress duplicate-post plugin. An attacker can exploit th...

6.1CVSS6.3AI score0.00913EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/23 12:0 a.m.2 views

WordPress duplicate-post plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress duplicate-post plugin. An attacker can exploit this...

9.8CVSS8AI score0.01795EPSS
Exploits0References1
NVD
NVD
added 2019/08/21 7:15 p.m.25 views

CVE-2014-10378

The duplicate-post plugin before 2.6 for WordPress has XSS...

6.1CVSS6.4AI score0.00913EPSS
Exploits0References1
Prion
Prion
added 2019/08/21 7:15 p.m.22 views

Cross site scripting

The duplicate-post plugin before 2.6 for WordPress has XSS...

4.3CVSS7.2AI score0.00913EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/21 7:15 p.m.14 views

Sql injection

The duplicate-post plugin before 2.6 for WordPress has SQL injection...

7.5CVSS8.4AI score0.01795EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/21 6:7 p.m.57 views

CVE-2014-10379

CVE-2014-10379 affects the WordPress WordPress Duplicate Post plugin. The connected documents consistently describe a SQL injection vulnerability in the plugin’s code path related to the duplication feature, with the plugin version before 2.6 identified as affected. The root cause is a SQL inject...

9.8CVSS9.9AI score0.01795EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.7 views

Duplicate Post 2.5 - options-general.php post Parameter Reflected XSS

The Yoast Duplicate Post WordPress plugin was affected by an options-general.php post Parameter Reflected XSS security vulnerability...

1.8AI score
Exploits0Affected Software1
Rows per page
Query Builder