VYPR

Duplicate Wp Page Post

by WordPress

Source repositories

CVEs (4)

  • CVE-2026-49046HigMay 27, 2026
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5.

  • CVE-2025-6189MedSep 10, 2025
    risk 0.42cvss 6.5epss 0.00

    The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘meta_key’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…

  • CVE-2025-13404MedNov 25, 2025
    risk 0.34cvss 5.3epss 0.00

    The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicate_post() function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with…

  • CVE-2021-25075LowFeb 21, 2022
    risk 0.23cvss 3.5epss 0.02

    The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings,…