CVE-2026-49046

WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability

CVSS 8.5 HIGHEPSS 0.3%CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Produtos afetados

Arjun Thakur · Duplicate Page and Post

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://patchstack.com/database/wordpress/plugin/duplicate-wp-page-post/vulnerability/wordpress-duplicate-page-and-post-plugin-2-9-5-sql-injection-vulnerability?_s_id=cve