Duplicate Page and Post < 2.5.7 & WP Post Page Clone < 1.1 - SQL Injections due to Duplicated Snippets



Description
SQL Injections in the Duplicate Post, WP Post Page Clone, Duplicate Page and Post plugins, due to using the snippet piece of code.


The issue in the duplicate-post was already added, at https://wpvulndb.com/vulnerabilities/9251

Affects Plugins

fixed in version 1.1
fixed in version 2.5.7

References

URL https://blog.sucuri.net/2020/04/duplicated-vulnerabilities-in-wordpress-plugins.html

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Antony Garand (Sucuri)
Views 1759
Verified No
WPVDB ID 10190

Timeline

Publicly Published 2020-04-25 (about 1 month ago)
Added 2020-04-24 (about 1 month ago)
Last Updated 2020-05-17 (8 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin