A plugin called Page and Post Clone for WordPress has a security vulnerability that allows for SQL Injection. This means that attackers with Contributor or higher access can add their own malicious code into existing queries and access sensitive information from the website’s database. The code is stored as a post meta key and is executed when a post is cloned.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
