Duplicate Page <= 3.3 - Authenticated SQL Injection



Description
This vulnerability is exploitable by any user with an account on the vulnerable site, regardless of the privileges they have (e.g., subscribers).

Affects Plugin

Fixed in version 3.4

References

URL https://blog.sucuri.net/2019/04/sql-injection-in-duplicate-page-wordpress-plugin.html
URL https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2060758%40duplicate-page&old=2050443%40duplicate-page&sfp_email=&sfph_mail=

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Marc-Alexandre Montpas
Submitter Marc-Alexandre Montpas
Submitter Website https://sucuri.net
Submitter Twitter @marcS0H
Views 8176
Verified No
WPVDB ID 9251

Timeline

Publicly Published 2019-04-05 (5 months ago)
Added 2019-04-06 (5 months ago)
Last Updated 2019-04-06 (5 months ago)
