CVE-2021-25075

Name of the Vulnerable Software and Affected Versions Duplicate Page or Post WordPress plugin versions prior to 1.5.1

Description The issue concerns a lack of authorization and a flawed CSRF check in the wpdevart duplicate post parametrs save in db AJAX action. This allows any authenticated user to change the plugin's settings or perform a CSRF attack. Additionally, the lack of escaping could lead to Stored Cross-Site Scripting issues.

Recommendations For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the wpdevart duplicate post parametrs save in db AJAX action to prevent unauthorized changes to the plugin's settings.