WordPress Plugin Vulnerabilities

Duplicate Post 2.5 - duplicate-post-admin.php User Login Cookie Value SQL Injection

Description

The Yoast Duplicate Post WordPress plugin was affected by a duplicate-post-admin.php User Login Cookie Value SQL Injection security vulnerability.

Affects Plugins

Plugin icon
duplicate-post
Fixed in 2.6

References

CVE
CVE-2014-10378
CVE
CVE-2014-10379

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
50f04757-f39b-4d34-b945-c5e8fd0c1afb

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-05-07
Title
YaySMTP < 2.6.5 - Authenticated (Administrator+) SQL Injection
Published
2024-03-28
Title
WordPress Announcement & Notification Banner Plugin – Bulletin < 3.9.0 - Authenticated (Administrator+) SQL Injection
Published
2014-08-01
Title
Paid Downloads < 2.21 - SQL Injection
Published
2026-02-10
Title
SlimStat Analytics < 5.3.2 - Authenticated (Subscriber+) SQL Injection via `args` Parameter
Published
2025-03-31
Title
Ultimate Push Notifications <= 1.2.0 - Subscriber+ SQL Injection