cleantalk
Vulnerabilities and Security Researches

Post Duplicator, b8def1faf168606b25cd85fe69733d55d6f145b0

CVE, Research URL

b8def1faf168606b25cd85fe69733d55d6f145b0

Home page URL

Security reports for Post Duplicator

Application

Post Duplicator

Published on
Apr 06, 2016
Research Description
Post Duplicator [post-duplicator] < 2.17 Post Duplicator <= 2.16 - Reflected Cross-Site Scripting The Post Duplicator plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.16 due to insufficient input sanitization and output escaping on the 'post-duplicated' parameter. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 2.17.
Status
vulnerable
Previous vulnerability researches
WP Bulk Post Duplicator (CVE-2025-28884) , Mar 13, 2025
Multisite Post Duplicator (21dab0133f69693d6e8ee2e9451064427d6a7c99) , Jun 16, 2026
Multisite Post Duplicator (f96c5000401eea9f1b5397fc4310449610e38ed2) , Jun 16, 2026
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
WP Quick Post Duplicator (CVE-2026-24387) , Jan 27, 2026
New vulnerability
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026
WP Meta SEO (CVE-2026-9643) , Jun 25, 2026
WP Meta SEO (CVE-2026-11370) , Jun 25, 2026
Bulk SEO Image (CVE-2026-11997) , Jun 25, 2026