WordPress Plugin Vulnerabilities

Multisite Post Duplicator < 1.1.3 - Cross-Site Request Forgery (CSRF)

Description

The Multisite Post Duplicator WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
multisite-post-duplicator
Fixed in 1.1.3

References

CVE
CVE-2016-10944
URL
https://advisories.dxw.com/advisories/csrf-vulnerability-in-multisite-post-duplicator-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can-do/
URL
https://seclists.org/fulldisclosure/2016/Dec/36

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
52dceadb-6167-4ca0-9cfc-5dd4fcfc2c17

Timeline

Publicly Published
2016-12-09 (about 9 years ago)
Added
2016-12-11 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-03-21
Title
Redirection < 1.1.5 - Plugin Reset via CSRF
Published
2024-05-31
Title
WP Logs Book <= 1.0.1 - Disable Logging via CSRF
Published
2025-06-12
Title
WP2HTML < 1.0.3 - Cross-Site Request Forgery to Settings Update
Published
2026-01-28
Title
Enter Addons < 2.3.3 - Cross-Site Request Forgery
Published
2025-06-27
Title
MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet < 3.2.1 - Cross-Site Request Forgery to Settings Reset