cleantalk
Vulnerabilities and Security Researches

Yoast Duplicate Post, CVE-2019-25314

CVE, Research URL

CVE-2019-25314

Home page URL

Security reports for Yoast Duplicate Post

Application

Yoast Duplicate Post

Published on
Feb 11, 2026
Research Description
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.
Affected versions
max 3.2.3.
Status
vulnerable
Previous vulnerability researches
WP iCal Availability (CVE-2023-46607) , Jun 10, 2024
WP iCal Availability (CVE-2023-41853) , Jun 07, 2024
New vulnerability
Complianz – GDPR/CCPA Cookie Consent (CVE-2025-11185) , Feb 27, 2026
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2026-24392) , Feb 27, 2026
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics (CVE-2026-25407) , Feb 27, 2026
WP Activity Log (CVE-2026-25331) , Feb 27, 2026
Yoast Duplicate Post (CVE-2019-25314) , Feb 27, 2026