WPVDB-ID: 3288B339-FE27-4706-B511-5B8586C9D370
History: Dec 02, 2021 - 12:00 a.m.

Post Duplicator < 2.27 - Admin+ Stored Cross-Site Scripting

Published: 2021-12-02 00:00:00
Source: wpscan.com
Tags: post duplicator, vulnerability, admin+ stored xss, cross-site scripting, unfiltered_html

EPSS: 0.001 (Percentile: 24.8%)

The plugin does not sanitise or escape its Duplicate Title and Slug settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, on multisite installs or where DISALLOW_UNFILTERED_HTML is set).

PoC

Put the following payload in the “Duplicate Title” or “Duplicate Slug” settings: ">
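As an added illustration (not Post Duplicator's own code), the unsanitised store-and-echo pattern the description refers to is shown beside a hardened version that uses WordPress' own sanitise/escape APIs; the option names, option group and function names are hypothetical placeholders.

```php
<?php
// Hypothetical illustration of the bug class; option names, option group
// and function names are placeholders, not the plugin's real identifiers.

// Vulnerable pattern: the admin-supplied setting is stored and printed
// back verbatim. A value starting with  ">  closes the value attribute,
// so whatever follows is rendered as markup. Because WordPress' own
// unfiltered_html checks are never consulted, the restriction is bypassed.
function example_vulnerable_save() {
    if ( isset( $_POST['example_duplicate_title'] ) ) {
        update_option( 'example_duplicate_title', $_POST['example_duplicate_title'] ); // no sanitisation
    }
}
function example_vulnerable_render() {
    $title = get_option( 'example_duplicate_title', '' );
    echo '<input type="text" name="example_duplicate_title" value="' . $title . '">'; // no escaping
}

// Hardened pattern: sanitise on input via register_setting()'s
// sanitize_callback, and escape at the point of output. A title setting
// never needs markup, so sanitize_text_field() strips tags outright; a
// slug is reduced to URL-safe characters by sanitize_title().
function example_hardened_register_settings() {
    register_setting( 'example_settings', 'example_duplicate_title', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',
        'default'           => '',
    ) );
    register_setting( 'example_settings', 'example_duplicate_slug', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_title',
        'default'           => '',
    ) );
}
add_action( 'admin_init', 'example_hardened_register_settings' );

function example_hardened_render() {
    // Escape regardless of what is stored, so a value saved before the
    // fix still cannot break out of the attribute.
    printf(
        '<input type="text" name="example_duplicate_title" value="%s">',
        esc_attr( get_option( 'example_duplicate_title', '' ) )
    );
    printf(
        '<input type="text" name="example_duplicate_slug" value="%s">',
        esc_attr( get_option( 'example_duplicate_slug', '' ) )
    );
}
```

Input sanitisation alone is not enough: values written before the fix remain in the database, which is why the output escaping in the render function matters independently.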

