WordPress Plugin Vulnerabilities

WP Replicate Post < 4.1 - Contributor+ SQL Injection

Description

The plugin does not properly escape the post_id parameter and lacks sufficient preparation on the SQL query, leading to SQL Injection vulnerability.

Affects Plugins

Plugin icon
wp-replicate-post
Fixed in 4.1

References

CVE
CVE-2023-2237
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-replicate-post/wp-replicate-post-402-authenticated-contributor-sql-injection

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.9 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
8438ea50-96d7-4f9c-8bcf-0473d9f8bdc3

Timeline

Publicly Published
2023-05-10 (about 3 years ago)
Added
2023-06-09 (about 2 years ago)
Last Updated
2023-06-09 (about 2 years ago)

Other

Published
Title
Published
2023-10-03
Title
Video Gallery – YouTube Gallery < 2.2.6 - Admin+ SQLi
Published
2026-03-22
Title
WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters < 4.9.2 - Unauthenticated SQL Injection via 'orderby' Parameter
Published
2021-03-26
Title
Quiz And Survey Master < 7.1.14 - Authenticated SQL injection via Rest API
Published
2025-10-08
Title
Community Events < 1.5.2 - Unauthenticated SQL Injection
Published
2022-05-30
Title
Better Find and Replace < 1.3.6 - Admin+ SQLi