Duplicator < 1.5.7.1 – Settings Removal via CSRF | CVE 2023-51681

Affects Plugins

Fixed in 1.5.7.1

References

CVE

CVE-2023-51681

URL

https://patchstack.com/database/vulnerability/duplicator/wordpress-duplicator-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

c2aca72c-6aa5-4fda-966f-f4f045eda828

Timeline

Publicly Published

2023-12-27 (about 2 years ago)

Added

2024-01-04 (about 2 years ago)

Last Updated

2024-01-04 (about 2 years ago)

Other

Published

Title

Published

2025-10-21

Title

PowerPress Podcasting < 11.14 - Cross-Site Request Forgery

Published

2024-08-23

Title

Favicon Generator < 2.1 - Arbitrary File Deletion via CSRF

Published

2024-03-28

Title

Landingi Landing Pages < 3.1.2 - Cross-Site Request Forgery

Published

2025-07-16

Title

Newsletters < 4.11 - Cross-Site Request Forgery

Published

2021-06-21

Title

Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery