Medium severity5.5NVD Advisory· Published Feb 11, 2026· Updated Apr 15, 2026
CVE-2019-25314
CVE-2019-25314
Description
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =3.2.3
Patches
Vulnerability mechanics
References
5- duplicate-post.lopo.itnvd
- wordpress.org/plugins/duplicate-post/nvd
- www.exploit-db.com/exploits/47424nvd
- www.vulncheck.com/advisories/duplicate-post-persistent-cross-site-scriptingnvd
- www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/duplicate-post/yoast-duplicate-post-323-authenticated-admin-stored-cross-site-scriptingnvd
News mentions
0No linked articles in our index yet.