Description

WordPress Plugin Duplicate Page and Post is injecting spam into the website's content, thus publicizing content to normal site visitors or to search engines without the authorization of the website's owner. WordPress Plugin Duplicate Page and Post version 2.1.1 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/

Related Vulnerabilities

WordPress Plugin WordPress Download Manager Cross-Site Scripting (3.2.21)

WordPress Plugin Users Ultra Membership Multiple Vulnerabilities (1.5.62)

XWiki Missing Authentication for Critical Function Vulnerability (CVE-2022-24820)

WordPress Plugin SoundCloud Is Gold 'width' Parameter Cross-Site Scripting (2.1)

WordPress Plugin WPtouch Security Bypass (3.4.2)

Severity

High

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update