Description

WordPress Plugin Duplicate Page and Post is injecting spam into the website's content, thus publicizing content to normal site visitors or to search engines without the authorization of the website's owner. WordPress Plugin Duplicate Page and Post version 2.1.1 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/

Related Vulnerabilities

WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)

Jboss EAP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-5220)

WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.1)

WordPress Plugin Portfolio for Elementor, Image Gallery & Post Grid-PowerFolio Unspecified Vulnerability (2.3.1)

WordPress Plugin PDW Media File Browser 'upload.php' Arbitrary File Upload (1.1)

Severity

High

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update