First published: Mon Aug 15 2022(Updated: )
The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Duplicate Page And Post Project Duplicate Page And Post | <2.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-2152.
The severity of CVE-2022-2152 is medium with a severity value of 4.8.
The affected software is the Duplicate Page and Post WordPress plugin before version 2.8.
CVE-2022-2152 allows high privilege users to perform Cross-Site Scripting (XSS) attacks, even when the unfiltered_html capability is disallowed.
To mitigate CVE-2022-2152, update the Duplicate Page and Post WordPress plugin to version 2.8 or later.