69 matches found
GHSA-G9W4-M5FX-X3WV Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
CVE-2026-1217 Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
CVE-2026-1217 Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite
The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...
WordPress Yoast Duplicate Post plugin <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability
Authenticated Contributor+ Missing Authorization to Arbitrary Post Duplication and Overwrite vulnerability discovered by johska in WordPress Plugin Duplicate Post versions = 4.5...
CVE-2026-2917
CVE-2026-2917 (Happy Addons for Elementor, WordPress) is an Insecure Direct Object Reference vulnerability affecting all versions up to 3.21.0. The root cause is the can_clone() check only enforcing a general capability (current_user_can('edit_posts')) and an action nonce bound to the generic ha_...
CVE-2026-2917 Happy Addons for Elementor <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter
The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...
WordPress Happy Addons for Elementor plugin <= 3.21.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Post Duplication via 'postid' Parameter vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Happy Addons for Elementor versions = 3.21.0...
WordPress WP Duplicate Page plugin <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Post Duplication vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin WP Duplicate Page versions = 1.8...
CVE-2025-14001
CVE-2025-14001 relates to the WordPress plugin WP Duplicate Page (versions
CVE-2025-14074
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
CVE-2025-14074
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
EUVD-2025-203072
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
CVE-2025-14074
CVE-2025-14074 concerns the WordPress plugin PDF for Contact Form 7 + Drag and Drop Template Builder. Public sources confirm a vulnerability where an authenticated user (Subscriber or higher) can trigger unauthorized post duplication due to a missing capability check in the rednumber_duplicate fu...
CVE-2025-14074 PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
CVE-2025-14074 PDF for Contact Form 7 + Drag and Drop Template Builder <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
WordPress PDF for Contact Form 7 + Drag and Drop Template Builder plugin <= 6.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Duplication vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Duplication vulnerability discovered by Legion Hunter in WordPress Plugin PDF for Contact Form 7 versions = 6.3.3...
PT-2025-50912
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumber duplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
WordPress plugin atec Duplicate Page & Post has an unspecified vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin atec Duplicate Page & Post 1.2.20 and earli...
CVE-2025-13404 atec Duplicate Page & Post <= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure
The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-13404
CVE-2025-13404 concerns the WordPress plugin “atec Duplicate Page & Post” (versions up to and including 1.2.20). The root cause is missing authorization validation in the duplicate_post() function, allowing authenticated users with Contributor-level access or higher to duplicate arbitrary posts, ...