Описание
The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.
Ссылки
- Product
- Patch
- Third Party Advisory
- Product
- Patch
- Third Party Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.
EPSS
4.3 Medium
CVSS3