本頁列出影響 duplicate_post_project duplicate_post 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-53740 | Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice. | [email protected] | 5.1 | 0.14% | 2026-06-10 | 2026-06-17 |
| CVE-2026-53739 | Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide. | [email protected] | 5.1 | 0.10% | 2026-06-10 | 2026-06-17 |
| CVE-2021-43408 | The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who | [email protected] | 6.5 | 9.77% | 2021-11-19 | 2026-06-17 |
| CVE-2014-10379 | The duplicate-post plugin before 2.6 for WordPress has SQL injection. | [email protected] | 9.8 | 1.80% | 2019-08-21 | 2026-06-16 |
| CVE-2014-10378 | The duplicate-post plugin before 2.6 for WordPress has XSS. | [email protected] | 6.1 | 0.91% | 2019-08-21 | 2026-06-16 |