432 matches found
CVE-2026-10749
The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP...
CVE-2026-10749
CVE-2026-10749 affects the Post Duplicator WordPress plugin (pre-3.0.15). The vulnerability arises from improper handling of custom metadata during post duplication, storing attacker-supplied serialized values without the WordPress meta API double-serialization protection, enabling PHP Object inj...
EUVD-2026-38694
The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP...
CVE-2026-10749 Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData
The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP...
WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. id: CVE-2018-17207 info: name:...
Duplicator < 1.4.7.1 - Information Disclosure
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. id: CVE-2022-2552 info: name: Duplicator 1.4.7.1 - Information Disclosure author:...
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...
EUVD-2026-36937
Contributor PHP Object Injection in Post Duplicator = 3.0.10 versions...
CVE-2026-39474
Contributor PHP Object Injection in Post Duplicator = 3.0.10 versions...
CVE-2026-39474 WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Post Duplicator = 3.0.10 versions...
CVE-2026-39474
The CVE CVE-2026-39474 concerns the WordPress Post Duplicator plugin (versions
PT-2026-49379
Contributor PHP Object Injection in Post Duplicator = 3.0.10 versions...
CVE-2021-47977
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...
CVE-2021-47977
CVE-2021-47977 affects the WordPress plugin Anti-Malware Security and Bruteforce Firewall 4.20.59. It describes a directory traversal vulnerability where unauthenticated attackers can read arbitrary files by manipulating the file parameter via the duplicator_download action in admin-ajax.php, usi...
WordPress plugin Anti-Malware Security and Bruteforce Firewall 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-41463
Name of the Vulnerable Software and Affected Versions Anti-Malware Security and Bruteforce Firewall version 4.20.59 Description A directory traversal issue allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the 'duplicator...
WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Post Duplicator versions = 3.0.10...
CVE-2026-2301
The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...
CVE-2026-2301
The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...
CVE-2026-2301
CVE-2026-2301 (Post Duplicator, WordPress): Wordfence and related sources confirm a protected post meta insertion vulnerability in Post Duplicator