ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Duplicate Page plugin <= 3.3 - Authenticated SQL Injection (SQLi) vulnerability

Product
Duplicate Page
Description
Authenticated SQL Injection (SQLi) vulnerability found by Marc-Alexandre Montpas in WordPress Duplicate Page plugin (versions <= 3.3).
Solution
Update the WordPress Duplicate Page plugin to the latest available version (at least 3.4).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 3.3
Fixed In 3.4
Disclosure date
2019-04-08
Credits
Marc-Alexandre Montpas
Submitter
ThreatPress