PT-2026-7608 · WordPress · Duplicate Post
Unk9Vvn · Published 2026-02-11 · Updated 2026-02-11
CVE-2019-25314
CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Duplicate-Post WordPress Plugin version 3.2.3
Description
The Duplicate-Post WordPress Plugin version 3.2.3 has a persistent cross-site scripting issue in the plugin settings parameters. An attacker can inject malicious scripts into the title prefix, suffix, menu order, and blacklist fields. This allows for the execution of arbitrary JavaScript in the admin interfaces. The vulnerable parameters include title prefix, suffix, menu order, and blacklist.
Recommendations
Update Duplicate-Post WordPress Plugin to a newer version that addresses this issue. As a temporary workaround, sanitize all input to the title prefix, suffix, menu order, and blacklist fields.
Exploit
Fix
XSS
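One way to apply the temporary workaround from the Recommendations, as an added example that is not the plugin's own code or the vendor's fix: a must-use plugin that sanitizes the four settings both when they are saved and when they are read back. The option names and the `dp_` helper functions are assumptions made for this example; confirm the option names in `wp_options` on the affected site.

```php
<?php
/**
 * Added example (not Duplicate Post's own code): sanitize the four affected
 * settings before WordPress stores them and whenever they are read.
 * ASSUMPTION: the option names below; confirm them in wp_options.
 */

// Assumed option name => sanitizer applied to the submitted value.
$dp_sanitizers = array(
    'duplicate_post_title_prefix'           => 'dp_sanitize_plain',
    'duplicate_post_title_suffix'           => 'dp_sanitize_plain',
    'duplicate_post_increase_menu_order_by' => 'dp_sanitize_menu_order',
    'duplicate_post_blacklist'              => 'dp_sanitize_blacklist',
);

// Prefix/suffix: strip tags, then drop quotes and angle brackets so the value
// stays inert even if it is echoed inside an HTML attribute without escaping.
function dp_sanitize_plain( $value ) {
    $clean = sanitize_text_field( (string) $value );
    return str_replace( array( '"', "'", '<', '>' ), '', $clean );
}

// Menu order is numeric: keep an integer, otherwise store an empty string.
function dp_sanitize_menu_order( $value ) {
    return is_numeric( $value ) ? (string) (int) $value : '';
}

// Blacklist is assumed to be a comma-separated list of field names:
// allow only letters, digits, underscore, hyphen and the * wildcard.
function dp_sanitize_blacklist( $value ) {
    $keys = array_map( 'trim', explode( ',', (string) $value ) );
    $keys = preg_replace( '/[^A-Za-z0-9_\-*]/', '', $keys );
    return implode( ',', array_filter( $keys, 'strlen' ) );
}

foreach ( $dp_sanitizers as $option => $callback ) {
    // Clean the value on every update_option() call for this option.
    add_filter( "pre_update_option_{$option}", $callback );
    // Clean values that were stored before this file was installed.
    add_filter( "option_{$option}", $callback );
}
```

Place the file in `wp-content/mu-plugins/` and remove it once the plugin has been updated to a fixed version.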
Affected Products
Duplicate Post