Published: 19/11/2021 Updated: 24/11/2021

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.

Vulnerable Product	Search on Vulmon	Subscribe to Product
duplicate post project duplicate post

CVE-2021-43408: Wordpress Plugin Duplicate Post version 119 - SQL Injection I Tổng quan 1 Wordpress là gì WordPress là một phần mềm CMS (Content Management System) mã nguồn mở, là hệ thống quản lý nội dung Thay vì sử dụng ngôn ngữ mã hóa HTML thì WP được viết bằng

CWE-89 https://appcheck-ng.com/security-advisory-duplicate-post-wordpress-plugin-sql-injection-vulnerability/https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.2.0/post/handler.php#L510 https://nvd.nist.gov https://github.com/tuannq2299/CVE-2021-43408

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-43408

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect