CVE-2021-25075

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-25075
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues

3.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.5 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpdevart:duplicate_page_or_post:*:*:*:*:*:wordpress:*:*
History

28 Feb 2022, 20:33

Type Values Removed Values Added
CPE cpe:2.3:a:wpdevart:duplicate_page_or_post:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 3.5
v3 : 3.5
References (MISC) https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b - (MISC) https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b - Exploit, Third Party Advisory

21 Feb 2022, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-02-21 11:15

Updated : 2024-02-04 22:29

NVD link : CVE-2021-25075

Mitre link : CVE-2021-25075

CVE.ORG link : CVE-2021-25075

JSON object : View

Products Affected

wpdevart

  • duplicate_page_or_post
CWE
CWE-862

Missing Authorization