cleantalk
Vulnerabilities and Security Researches

Duplicate Page, 7b71ccf24044ee8cc2cb48e21b580dfda394bc1f

Application

Duplicate Page

Published on
Apr 25, 2020
Research Description
Duplicate Page [duplicate-page] < 3.4

Duplicate Page Plugins <= (Various Versions) - SQL Injection

The Duplicate Page and Post, WP Post Page Clone, and Duplicate Page plugins for WordPress are vulnerable to SQL Injection via the ‘post’ parameter in versions up to, and including, 2.5.6, 1.1, and 3.3 respectively, due to insufficient escaping of the user-supplied parameter and a lack of sufficient preparation of the existing SQL query. This makes it possible for attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.
Affected versions
max 3.4.
Status
vulnerable