Vulnerabilities and security researches for post-duplicator

Jun 07, 2024

CVE, Research URL: CVE-2021-33852
Application: Post Duplicator
Date: Mar 10, 2022
Research Description: A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2016-15027
Application: Post Duplicator
Date: Feb 20, 2023
Research Description: A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-49835
Application: Post Duplicator
Date: -
Research Description: The Post Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtphr_duplicate_post function in versions up to, and including, 2.31. This makes it possible for authenticated attackers, with contributor-level access and above, to publish posts upon duplication.
Affected versions: Min -, max -.
Status: vulnerable

PSC, Research URL: PSC-2024-64534
Application: Post Duplicator
Date: -
Research Description: Post Duplicator is a powerful yet simple WordPress plugin designed to duplicate posts, pages, and custom post types with just a click. It offers seamless functionality, supporting custom taxonomies and custom fields, making it a must-have for developers and content managers. With its intuitive interface, users can easily create exact replicas of their posts directly from the WordPress dashboard. The plugin is particularly useful for developers working on new WordPress sites, as it allows for the creation of dummy content to test layouts and features. By streamlining content duplication, Post Duplicator ensures a hassle-free user experience while maintaining compatibility with WordPress core features.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED