Duplicate Page <= 3.3 - Authenticated SQL Injection



Description
This vulnerability is exploitable by any user with an account on the vulnerable site, regardless of the privileges they have (e.g., subscribers).

Affects Plugin

Fixed in version 3.4

References

URL https://blog.sucuri.net/2019/04/sql-injection-in-duplicate-page-wordpress-plugin.html
URL https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2060758%40duplicate-page&old=2050443%40duplicate-page&sfp_email=&sfph_mail=

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Marc-Alexandre Montpas
Submitter Marc-Alexandre Montpas
Submitter Website https://sucuri.net
Submitter Twitter @marcS0H
Views 3930
Verified No
WPVDB ID 9251

Timeline

Publicly Published 2019-04-05 (20 days ago)
Added 2019-04-06 (19 days ago)
Last Updated 2019-04-06 (19 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes; however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license, please contact us.