| CVE/PSC | Application | Date | Affected versions | Description |
|---|---|---|---|---|
| Actual on: Jun 30, 2026, 00:06:17 | Entries count: 19 | |||
|
vulnerable
|
Mar 13, 2025, 10:03:41 |
Min -
Max 1.2
|
Cross-Site Request Forgery (CSRF) vulnerability in Rajesh Kumar WP Bulk Post Duplicator wp-bulk-post-duplicator allows Cross Site Request Forgery.This issue affects WP Bulk Post Duplicator: from n/a through <= 1.2. | |
|
vulnerable
|
Jun 16, 2026, 09:06:22 |
Min -
Max 1.1.3
|
Multisite Post Duplicator [multisite-post-duplicator] < 1.1.3 WordPress Multisite Post Duplicator Plugin <= 0.9.5.1 is vulnerable to Cross Site Request Forgery (CSRF) Update the plugin. An unknown person discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Multisite Post Duplicator Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 1... | |
|
vulnerable
|
Jun 16, 2026, 09:06:22 |
Min -
Max 1.1.3
|
Multisite Post Duplicator [multisite-post-duplicator] < 1.1.3 WordPress Multisite Post Duplicator Plugin <= 0.9.5.1 - Cross Site Request Forgery This plugin is prone to a cross site request forgery vulnerability. Update the plugin. | |
|
vulnerable
|
Jun 07, 2024, 07:06:52 |
Min -
Max 1.1.3
|
The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. | |
|
vulnerable
|
Jan 27, 2026, 12:01:57 |
Min -
Max 2.2
|
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through <= 2.1. | |
|
vulnerable
|
Jun 07, 2024, 02:06:27 |
Min -
Max 2.1
|
WP Quick Post Duplicator [wp-quick-post-duplicator] < 2.1 WP Quick Post Duplicator <= 2.0 - Missing Authorization The WP Quick Post Duplicator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apj_duplicate_post_as_a_draft() function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate arbitrary posts that may have protected content. | |
|
vulnerable
|
Jun 10, 2024, 12:06:26 |
Min -
Max 2.1
|
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through 2.0. | |
|
vulnerable
|
Jun 16, 2026, 01:06:04 |
Min -
Max 2.17
|
Post Duplicator [post-duplicator] < 2.17 Post Duplicator <= 2.16 - Cross-Site Scripting (XSS) The Post Duplicator WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability. | |
|
vulnerable
|
Apr 22, 2026, 15:04:01 |
Min -
Max 3.0.11
|
Post Duplicator [post-duplicator] < 3.0.11 CVE-2026-39474 | |
|
vulnerable
|
Jun 26, 2026, 02:06:41 |
Min -
Max 3.0.15
|
The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP Object. | |
|
SAFE & CERTIFIED
|
Dec 17, 2024, 18:12:09 |
Min 3.0.15
Max 3.0.15
|
Post Duplicator is a powerful yet simple WordPress plugin designed to duplicate posts, pages, and custom post types with just a click. It offers seamless functionality, supporting custom taxonomies and custom fields, making it a must-have for developers and content managers. With its intuitive interface, users can easily create exact replicas of their posts directly from the WordPress dashboard. The plugin is particularly useful for developers working on new WordPress sites, as it allows for the creation o... | |
|
vulnerable
|
Apr 15, 2026, 08:04:35 |
Min -
Max 3.0.9
|
The Post Duplicator plugin for WordPress is vulnerable to unauthorized arbitrary protected post meta insertion in all versions up to, and including, 3.0.8. This is due to the `duplicate_post()` function in `includes/api.php` using `$wpdb->insert()` directly to the `wp_postmeta` table instead of WordPress's standard `add_post_meta()` function, which would call `is_protected_meta()` to prevent lower-privileged users from setting protected meta keys (those starting with `_`). This makes it possible for authent... | |
|
vulnerable
|
Jan 25, 2025, 21:01:15 |
Min -
Max 2.36
|
Missing Authorization vulnerability in metaphorcreations Post Duplicator post-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through <= 2.35. | |
|
vulnerable
|
Jan 12, 2025, 00:01:38 |
Min -
Max 2.37
|
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post. | |
|
vulnerable
|
Jun 07, 2024, 06:06:28 |
Min -
Max 2.27
|
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts. | |
|
vulnerable
|
Jun 07, 2024, 06:06:28 |
Min -
Max 2.19
|
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected compone... | |
|
vulnerable
|
Jun 16, 2026, 01:06:04 |
Min -
Max 2.17
|
Post Duplicator [post-duplicator] < 2.17 WordPress Post Duplicator Plugin <= 2.16 - Cross Site Scripting (XSS) Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Upgrade the plugin. | |
|
vulnerable
|
Jun 10, 2024, 12:06:28 |
Min -
Max 2.32
|
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31. | |
|
vulnerable
|
Jun 16, 2026, 01:06:04 |
Min -
Max 2.17
|
Post Duplicator [post-duplicator] < 2.17 Post Duplicator <= 2.16 - Reflected Cross-Site Scripting The Post Duplicator plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.16 due to insufficient input sanitization and output escaping on the 'post-duplicated' parameter. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. | |