PT-2026-7608 · WordPress · Duplicate Post

Unk9Vvn · Published 2026-02-11 · Updated 2026-02-11 · CVE-2019-25314

CVSS v3.1: 5.5 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Duplicate-Post WordPress Plugin version 3.2.3

Description

The Duplicate-Post WordPress Plugin version 3.2.3 has a persistent cross-site scripting issue in the plugin settings parameters. An attacker can inject malicious scripts into the title prefix, suffix, menu order, and blacklist fields. The injected scripts are stored with the settings, which allows execution of arbitrary JavaScript in the admin interfaces.

Recommendations

Update the Duplicate-Post WordPress Plugin to a newer version that addresses this issue. As a temporary workaround, sanitize all input to the title prefix, suffix, menu order, and blacklist fields.

Exploit · Fix · XSS


Weakness Enumeration

Related identifiers

CVE-2019-25314

Affected products

Duplicate Post