CVE-2021-43408

HIGH Year: 2021
CVSS v3 Score
8.8
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-89
View all →

Vulnerability Description

The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.

Related Vulnerabilities

CVE-2007-10003

HIGH
CVSS:8.8(High)

A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the com...

CWE-892007

CVE-2010-3662

HIGH
CVSS:8.8(High)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.

CWE-892010

CVE-2011-0467

HIGH
CVSS:8.8(High)

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected ...

CWE-892011

CVE-2012-4383

HIGH
CVSS:8.8(High)

contao prior to 2.11.4 has a sql injection vulnerability

CWE-892012

CVE-2013-3638

HIGH
CVSS:8.8(High)

SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.

CWE-892013