Post Duplicator
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39474 | Hig | 0.57 | 8.8 | — | Jun 15, 2026 | Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions. | ||
| CVE-2024-12472 | Med | 0.28 | 4.3 | 0.00 | Jan 11, 2025 | The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated… | ||
| CVE-2016-15027 | 0.00 | — | 0.00 | Feb 20, 2023 | A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross… | |||
| CVE-2021-33852 | 0.00 | — | 0.00 | Mar 9, 2022 | A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post… |
- risk 0.57cvss 8.8epss —
Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.
- risk 0.28cvss 4.3epss 0.00
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated…
- CVE-2016-15027Feb 20, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross…
- CVE-2021-33852Mar 9, 2022risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post…