CVE-2019-25314
Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
CVSS Score
5.5
EPSS Score
0.0%
EPSS Percentile
0th
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.
| Vendor | yoast |
| Product | duplicate-post |
| Published | Feb 11, 2026 |
| Last Updated | Mar 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for yoast duplicate-post
Be the first to know when new medium vulnerabilities affecting yoast duplicate-post are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Yoast / Duplicate-Post
0.3 โค 3.2.3
References
exploit-db.com: https://www.exploit-db.com/exploits/47424 duplicate-post.lopo.it: https://duplicate-post.lopo.it/ wordpress.org: https://wordpress.org/plugins/duplicate-post/ vulncheck.com: https://www.vulncheck.com/advisories/duplicate-post-persistent-cross-site-scripting wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/duplicate-post/yoast-duplicate-post-323-authenticated-admin-stored-cross-site-scripting
Credits
Unk9vvN