← Zuruck zu CVEs

CVE-2019-25314

MEDIUM

5.5

Beschreibung

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.

CVE Details

CVSS v3.1 Bewertung5.5

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienHIGH

BenutzerinteraktionNONE

Veroffentlicht2/11/2026

Zuletzt geandert2/13/2026

Quellenvd

Honeypot-Sichtungen0

Referenzen

https://duplicate-post.lopo.it/(disclosure@vulncheck.com)

https://wordpress.org/plugins/duplicate-post/(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/47424(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/duplicate-post-persistent-cross-site-scripting(disclosure@vulncheck.com)

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/duplicate-post/yoast-duplicate-post-323-authenticated-admin-stored-cross-site-scripting(disclosure@vulncheck.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.