PT-2026-51668 · Undefined · Undefined

Published

2026-06-24

Updated

2026-06-24

CVE-2026-10749

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP Object.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-10749

Affected Products

Undefined

PT-2026-51668 · Undefined · Undefined

CVE-2026-10749

Related Identifiers

Affected Products

References · 2