CVE-2021-43408

Name of the Vulnerable Software and Affected Versions Duplicate Post WordPress plugin version 1.1.9 and earlier

Description The issue occurs due to SQL injection vulnerabilities, which happen when client-supplied data is included within an SQL query insecurely. This can be exploited to read, modify, and delete SQL table data. In many cases, it is also possible to exploit features of the SQL server to execute system commands and/or access the local file system. The vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin, which by default is limited to Administrators, but can also be permitted for Editor, Author, Contributor, and Subscriber roles.

Recommendations For Duplicate Post WordPress plugin version 1.1.9 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the plugin to minimize the risk of exploitation, especially for roles that have been granted permission to use it. As a temporary workaround, limit the access to the plugin to only necessary users. At the moment, there is no information about a newer version that contains a fix for this vulnerability.