The Yoast Duplicate Post plugin for WordPress has a security vulnerability in versions 3.2.3 and earlier. This means administrators and other high-level users can insert malicious code into administrative pages. This only happens in multi-site installations and installations where the security feature ‘unfiltered_html’ has been disabled. The malicious code can be inserted through parameters such as ‘duplicate_post_title_prefix’.