Description

WordPress Plugin Duplicate Page and Post is injecting spam into the website's content, thus publicizing content to normal site visitors or to search engines without the authorization of the website's owner. WordPress Plugin Duplicate Page and Post version 2.1.1 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/

Related Vulnerabilities

WordPress Plugin Learning Courses Privilege Escalation (4.7)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-8057)

WordPress Plugin WordPress Download Manager Arbitrary File Upload (2.8.97)

WordPress Plugin CKEditor for WordPress Cross-Site Scripting (4.5.3)

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209)

Severity

High

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update