Code Injection Vulnerability in WPSpins Post/Page Copying Tool
CVE-2025-24677
9.9 CRITICAL
Key Information:
- Vendor: WPspins
- Status
- Post/page Copying Tool
- Vendor
- CVE Published: 4 February 2025
Summary
The WPSpins Post/Page Copying Tool plugin is affected by improper control of code generation (code injection), which enables remote code inclusion. The flaw affects the plugin from its initial version up to and including 2.0.3, potentially allowing malicious actors to execute unauthorized commands on affected systems. Users of this plugin should apply the necessary patches to mitigate this vulnerability and protect their WordPress installations.
Affected Version(s)
Post/Page Copying Tool <= 2.0.3
CVSS V3.1
Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)