CVE-2026-2301 Post Duplicator <= 3.0.8 - Missing Authorization to Authenticated (Contributor+) Protected Post Meta Insertion via 'customMetaData' Parameter

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

CVE-2026-2301

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicatepost function in includes/api.php using $wpdb-insert directly to the wppostmeta table instead of WordPress's...

CVE-2026-2301

CVE-2026-2301 (Post Duplicator, WordPress): Wordfence and related sources confirm a protected post meta insertion vulnerability in Post Duplicator

PT-2026-21893

The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the duplicate post function in includes/api.php using $wpdb-insert directly to the wp postmeta table instead of WordPress's...

EUVD-2020-20530

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-28039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - isprotectedmeta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is...

DEBIAN-CVE-2020-28039

isprotectedmeta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected...

UBUNTU-CVE-2020-28039

isprotectedmeta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected...

WordPress <= 5.5.1 - Bypass Protected Meta That Could Lead To Arbitrary File Deletion vulnerability

Bypass Protected Meta That Could Lead To Arbitrary File Deletion vulnerability found by Slavco Mihajloski mslavco in WordPress versions = 5.5.1. Solution Update the WordPress to the latest available version at least 5.5.2...

wordpress -- multiple issues

wordpress developers reports: Ten security issues affect WordPress versions 5.5.1 and earlier. If you havent yet updated to 5.5, all WordPress versions since 3.7 have also been updated to fix the following security issues: -Props to Alex Concha of the WordPress Security Team for their work in...

PT-2020-5777 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to the is protected meta function in the wp-includes/meta.php component of the WordPress content management system. This function incorrectly determines the protection status...