CVE-2025-6189
Published
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
The Duplicate Page and Post plugin for WordPress is vulnerable to time-based SQL Injection via the ‘meta_key’ parameter in all versions up to, and including, 2.9.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
<p>Duplicate page and post plugin provides functionality to create a clone of page or posts. You can duplicate pages, posts and custom post by single click and it will be saved as draft.<br />
Duplicate page and post doesn’t have a lot of features that other plugins have, but it also is lightning fast by comparison.</p>
<h4>Major features of this plugin include</h4>
<ul>
<li>Create a clone of particular page.</li>
<li>Create a clone of particular post.</li>
<li>Create a clone of particular custom post(CPT).</li>
<li>Option to select editor (Classic and Gutenberg)</li>
<li>Option to add Post Suffix.</li>
<li>Option to add custom text for duplicate link button.</li>
<li>Option to select Duplicate Posts Status.</li>
<li>Option to Redirect after click on Duplicate.</li>
</ul>
<h4>Like the plugin?</h4>
<p><a href="https://wordpress.org/support/plugin/duplicate-wp-page-post/reviews/?rate=5#new-post" rel="ugc">Please Vote</a>, Your votes really make a difference! Thanks.</p>
WordPress Plugin Directory