Filtered by vendor Duplicate Post Project Subscriptions

Search

Switch to Advanced Search (Beta)
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-53739 3 Duplicate Post Project, Wordpress, Yoast 3 Duplicate Post, Wordpress, Yoast Duplicate Post 2026-06-11 4.3 Medium
Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.
CVE-2026-53740 2 Duplicate Post Project, Wordpress 2 Duplicate Post, Wordpress 2026-06-10 5.4 Medium
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice.
CVE-2021-43408 1 Duplicate Post Project 1 Duplicate Post 2024-11-21 6.5 Medium
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.
CVE-2014-10379 1 Duplicate Post Project 1 Duplicate Post 2024-11-21 N/A
The duplicate-post plugin before 2.6 for WordPress has SQL injection.
CVE-2014-10378 1 Duplicate Post Project 1 Duplicate Post 2024-11-21 N/A
The duplicate-post plugin before 2.6 for WordPress has XSS.