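This page lists the publicly disclosed CVE vulnerabilities affecting duplicate_post_project duplicate_post (matched via NVD CPE). Each row gives the severity score, a summary, and the publication date, to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |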
|---|---|---|---|---|---|---|
| CVE-2026-53740 | Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice. | [email protected] | 5.1 | 0.14% | 2026-06-10 | 2026-06-17 |
| CVE-2026-53739 | Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide. | [email protected] | 5.1 | 0.10% | 2026-06-10 | 2026-06-17 |
| CVE-2021-43408 | The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it is also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who | [email protected] | 6.5 | 9.77% | 2021-11-19 | 2026-06-17 |
| CVE-2014-10379 | The duplicate-post plugin before 2.6 for WordPress has SQL injection. | [email protected] | 9.8 | 1.80% | 2019-08-21 | 2026-06-16 |
| CVE-2014-10378 | The duplicate-post plugin before 2.6 for WordPress has XSS. | [email protected] | 6.1 | 0.91% | 2019-08-21 | 2026-06-16 |