cleantalk

Vulnerabilities and Security Researches

Security report for CVE Post Duplicator > CVE-2021-33852

CVE, Research URL

CVE-2021-33852

Home page URL

Security reports for Post Duplicator

Application

Post Duplicator

Published on
Mar 10, 2022
Research Description
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts.
Affected versions
Min -, max 2.17.
Status
vulnerable
Previous vulnerability researches
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
WP Quick Post Duplicator (8c412c0666baee67ae3ee0f0eb18d8d95123aee2) , Jun 07, 2024
WP Quick Post Duplicator (CVE-2023-31214) , Jun 10, 2024
Post Duplicator , Dec 17, 2024
Post Duplicator (CVE-2025-24736) , Jan 25, 2025
New vulnerability
Qi Addons For Elementor (CVE-2024-13699) , Feb 06, 2025
Bulk Categories Assign (CVE-2025-23582) , Feb 05, 2025
Songkick Concerts and Festivals (CVE-2025-25146) , Feb 05, 2025
Auto SEO (CVE-2025-25147) , Feb 05, 2025
Smart DoFollow (CVE-2025-25152) , Feb 05, 2025