CVE-2026-1217

The CVE-2026-1217 issue affects the WordPress plugin Yoast Duplicate Post, where a missing capability check in clone_bulk_action_handler() and republish_request() enables authenticated attackers (Contributor level and above) to duplicate any post, including private/draft/trashed posts. Additional...

CVE-2026-28782

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is...

CVE-2025-14001 WP Duplicate Page <= 1.8 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication

The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...

CVE-2025-14001

CVE-2025-14001 relates to the WordPress plugin WP Duplicate Page (versions

CVE-2025-13924

CVE-2025-13924 affects Advanced Product Fields (Product Addons) for WooCommerce. The vulnerability is a Cross-Site Request Forgery due to missing/incorrect nonce validation on the maybe_duplicate function, allowing unauthenticated attackers to duplicate and publish product field groups (including...

CVE-2025-13404

The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicatepost function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access...

EUVD-2024-48688

Malicious code in bioql PyPI...

EUVD-2024-17156

Malicious code in bioql PyPI...

EUVD-2023-54636

Malicious code in bioql PyPI...

CVE-2024-1400

The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to...

CVE-2024-7836

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

CVE-2024-7836

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

CVE-2024-7836

CVE-2024-7836 affects the WordPress plugin Themify Builder: all versions up to and including 7.6.1 are vulnerable to unauthorized post duplication due to missing checks in the duplicate_page_ajaxify function. This allows authenticated attackers with Contributor-level access and above to duplicate...

CVE-2024-1387

The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicatething function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone...

CVE-2024-1400

The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to...

CVE-2024-1400

The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to...

Design/Logic Flaw

The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to...

CVE-2024-1400 Mollie Forms <= 2.6.3 - Missing Authorization to Arbitrary Post Duplication

The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to...

CVE-2023-4792

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...

CVE-2023-4792

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...