Stored Cross-Site Scripting Vulnerability in Post Duplicator Plugin for WordPress
CVE-2021-33852

5.4 MEDIUM

Key Information:

Vendor: WordPress

CVE Published: 10 March 2022

What is CVE-2021-33852?

The vulnerability in the Post Duplicator Plugin for WordPress enables stored cross-site scripting (XSS) attacks, allowing malicious users to inject arbitrary JavaScript code. The injected script is triggered when a user opens the Settings Page of the plugin, or the application root page, after duplicating a post. If exploited, the script executes in the context of the user's browser, potentially compromising user data and privacy.

Affected Version(s)

WordPress Post Duplicator Plugin Version 2.23

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
