cleantalk
Vulnerabilities and Security Researches

Duplicate Page, d4a895e4769fefb1c9cedee221ed3553b4e736dd

CVE, Research URL

d4a895e4769fefb1c9cedee221ed3553b4e736dd

Home page URL

Security reports for Duplicate Page

Application

Duplicate Page

Published on
Mar 22, 2019
Research Description
Duplicate Page [duplicate-page] < 3.4 Duplicate Page <= 3.3 - SQL Injection The Duplicate Page plugin for WordPress is vulnerable to generic SQL Injection via the ‘post' parameter in versions up to, and including, 3.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for non-privileged attackers (Ex. subscribers) to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 3.4.
Status
vulnerable
Previous vulnerability researches
Duplicate Page or Post (CVE-2021-25075) , Jun 07, 2024
WP Duplicate Page (CVE-2022-2093) , Jun 07, 2024
WP Duplicate Page (CVE-2025-14001) , Jan 27, 2026
WP Duplicate Page (CVE-2025-12481) , Dec 10, 2025
Duplicate Page (CVE-2021-24681) , Jun 07, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026