123 matches found
WordPress Duplicate Post Plugin SQL Injection (CVE-2021-43408)
An SQL injection vulnerability exists in WordPress Duplicate Post Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2021-43408
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...
CVE-2021-43408
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...
Sql injection
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...
CVE-2021-43408 Duplicate Post WordPress Plugin SQL Injection Vulnerability
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In...
CVE-2021-43408
Summary (CVE-2021-43408) : The WordPress plugin “Duplicate Post” (versions up to 1.1.9) is vulnerable to SQL Injection via an authenticated user with plugin access. The root cause is improper sanitization/escaping of SQL statements when the cdp_action_handling AJAX action processes the id paramet...
WordPress 插件SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin. The WordPress plugin Duplicate Post version 1.1.9 suffers...
WordPress Duplicate Post plugin <= 1.1.9 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by AppCheck in WordPress Duplicate Post plugin versions = 1.1.9. Solution Update the WordPress Duplicate Post plugin to the latest available version at least 1.2.0...
Duplicate Post < 1.2.0 - Authenticated SQL Injection
The plugin does not properly sanitise and escape the id parameter passed to the cdpactionhandling AJAX action, which could allow user having access to the plugin by default admins to perform SQL Injection attacks PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Length: 229 Accept: /...
Duplicate Page < 4.4.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. The attempt to fix the issue in 4.4.2 is insufficient and...
Duplicate Page and Post < 2.5.7 & WP Post Page Clone < 1.1 - SQL Injections due to Duplicated Snippets
SQL Injections in the Duplicate Post, WP Post Page Clone, Duplicate Page and Post plugins, due to using the snippet piece of code. The issue in the duplicate-post was already added, at https://wpvulndb.com/vulnerabilities/9251...
WordPress Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting Exploit Author: Unk9vvN Vendor Homepage: https://duplicate-post.lopo.it/ Software Link: https://wordpress.org/plugins/duplicate-post/ Version: 3.2.3 Tested on: Kali Linux CV...
Duplicate Post <= 3.2.3 - Authenticated Stored Cross-Site Scripting (XSS)
The Duplicate Post plugin was vulnerable to Authenticated Stored Cross-Site Scripting XSS. However, the POST request had a CSRF nonce that was verified, and no user's without the unfilteredhtml capability, such as Author or Subscriber, were able to access the affected Duplicate Post settings page...
WordPress duplicate-post plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress duplicate-post plugin. An attacker can exploit th...
WordPress duplicate-post plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress duplicate-post plugin. An attacker can exploit this...
CVE-2014-10378
The duplicate-post plugin before 2.6 for WordPress has XSS...
Cross site scripting
The duplicate-post plugin before 2.6 for WordPress has XSS...
Sql injection
The duplicate-post plugin before 2.6 for WordPress has SQL injection...
CVE-2014-10379
CVE-2014-10379 affects the WordPress WordPress Duplicate Post plugin. The connected documents consistently describe a SQL injection vulnerability in the plugin’s code path related to the duplication feature, with the plugin version before 2.6 identified as affected. The root cause is a SQL inject...
Duplicate Post 2.5 - options-general.php post Parameter Reflected XSS
The Yoast Duplicate Post WordPress plugin was affected by an options-general.php post Parameter Reflected XSS security vulnerability...