CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33852 – Post Duplicator <= 2.23 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-33852
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts. Un ataque de tipo cross-site Scripting (XSS) puede hacer que se ejecute código arbitrario (JavaScript) en el navegador de un usuario y puede utilizar una aplicación como vehículo para el ataque. La carga útil XSS dada en el cuadro de texto "Duplicar título" se ejecuta cada vez que el usuario abre la página de configuración del plugin Post Duplicator o la página raíz de la aplicación después de duplicar cualquiera de las publicaciones existentes • https://cybersecurityworks.com/zerodays/cve-2021-33852-stored-cross-site-scripting-in-wordpress-post-duplicator-plugin-2-23.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-15027 – meta4creations Post Duplicator Plugin notices.php mtphr_post_duplicator_notice cross site scripting
https://notcve.org/view.php?id=CVE-2016-15027
A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/meta4creations/post-duplicator/commit/ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594 https://github.com/meta4creations/post-duplicator/releases/tag/2.19 https://vuldb.com/?ctiid.221496 https://vuldb.com/?id.221496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •