PT-2026-23415 · WordPress · Wordpress Page/Post Clone
Arthur Grimault
·
Published
2026-03-05
·
Updated
2026-03-05
·
CVE-2026-2893
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WordPress Page and Post Clone plugin versions prior to 6.3
Description
The Page and Post Clone plugin for WordPress is susceptible to SQL Injection via the meta key parameter within the content clone() function. This is a result of inadequate escaping of user-provided meta key values and insufficient preparation of the existing SQL query. Authenticated attackers with Contributor-level access or higher can append additional SQL queries to existing queries, potentially extracting sensitive information from the database. The injection is second-order, meaning the malicious payload is stored as a post meta key and executed during post cloning.
Recommendations
Update WordPress Page and Post Clone plugin to a version newer than 6.3.
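The second-order pattern from the description, as an added example that is not the plugin's code: a Python/sqlite3 model in which a meta key is stored safely and only becomes a problem when the clone step reuses it as SQL text, next to the parameterized form. The table layout, function names and sample rows are constructed for illustration; the sample key contains only a harmless apostrophe.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a post meta table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE postmeta (post_id INTEGER, meta_key TEXT, meta_value TEXT)")
    # Stored with bound parameters: the first write is not where the flaw is.
    rows = [(1, "_thumbnail_id", "42"), (1, "editor's_note", "draft")]
    db.executemany("INSERT INTO postmeta VALUES (?, ?, ?)", rows)
    return db

def read_meta(db, post_id):
    """Return (meta_key, meta_value) pairs for one post, sorted."""
    return sorted(db.execute(
        "SELECT meta_key, meta_value FROM postmeta WHERE post_id = ?", (post_id,)
    ).fetchall())

def clone_meta_unsafe(db, src_id, dst_id):
    """Flawed pattern: values read back from the database are trusted and concatenated."""
    for key, value in read_meta(db, src_id):
        sql = ("INSERT INTO postmeta (post_id, meta_key, meta_value) "
               f"VALUES ({int(dst_id)}, '{key}', '{value}')")
        db.execute(sql)  # the stored key is now part of the statement text

def clone_meta_safe(db, src_id, dst_id):
    """Hardened pattern: stored values are rebound as parameters, never as SQL text."""
    rows = read_meta(db, src_id)
    db.executemany(
        "INSERT INTO postmeta (post_id, meta_key, meta_value) VALUES (?, ?, ?)",
        [(dst_id, key, value) for key, value in rows],
    )
    return len(rows)

def demo():
    """Run both clone variants on fresh databases and report what happened."""
    db = make_db()
    try:
        clone_meta_unsafe(db, 1, 2)
        unsafe_result = "copied"
    except sqlite3.OperationalError as exc:
        unsafe_result = f"statement altered by stored key: {exc}"
    db2 = make_db()
    copied = clone_meta_safe(db2, 1, 3)
    return unsafe_result, copied, read_meta(db2, 3) == read_meta(db2, 1)

if __name__ == "__main__":
    print(demo())
```

In WordPress code the equivalent of the bound-parameter form is building the query with `$wpdb->prepare()` or writing through `$wpdb->insert()`, so that values read back from post meta are never concatenated into the statement.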
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Wordpress Page/Post Clone