Description

WordPress Plugin Duplicate Page and Post is injecting spam into the website's content, thus publicizing content to normal site visitors or to search engines without the authorization of the website's owner. WordPress Plugin Duplicate Page and Post version 2.1.1 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/

Related Vulnerabilities

WordPress Plugin WP Telegram (Auto Post and Notifications) Unspecified Vulnerability (2.1.8)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.14)

WordPress 4.4.x Cross-Site Scripting Vulnerability (4.4 - 4.4.2)

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.0.9)

Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.0.0 - 3.9.14)

Severity

High

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update