cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forrevisionary revisionary

Direction: ascending
Oct 11, 2024

PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes # CVE-2024-9436

CVE, Research URL

CVE-2024-9436

Home page URL

Security reports for PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes

Application

PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes

Date
Oct 11, 2024
Research Description
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 3.5.15.
Status
vulnerable
Nov 21, 2024

PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes # CVE-2024-11154

CVE, Research URL

CVE-2024-11154

Home page URL

Security reports for PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes

Application

PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes

Date
Nov 20, 2024
Research Description
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including revisions of posts and pages.
Affected versions
max 3.5.16.
Status
vulnerable
Feb 27, 2026

PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes # CVE-2026-25322

CVE, Research URL

CVE-2026-25322

Home page URL

Security reports for PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes

Application

PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes

Date
Feb 19, 2026
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7.22.
Affected versions
max 3.7.22.
Status
vulnerable