Search criteria

2 vulnerabilities found for WP Duplicate Page by Unknown

CVE-2022-2093 (GCVE-0-2022-2093)

Vulnerability from nvd – Published: 2022-07-11 12:57 – Updated: 2024-08-03 00:24
VLAI
Title
WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting
Summary
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Severity
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
Unknown WP Duplicate Page Affected: 1.3 , < 1.3 (custom)
Create a notification for this product.
Credits
Sachin Bahl from eSec Forte Technologies Pvt Ltd
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WP Duplicate Page",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.3",
              "status": "affected",
              "version": "1.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sachin Bahl from eSec Forte Technologies Pvt Ltd"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-11T12:57:32.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WP Duplicate Page \u003c 1.3 - Admin+ Stored Cross Site Scripting",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-2093",
          "STATE": "PUBLIC",
          "TITLE": "WP Duplicate Page \u003c 1.3 - Admin+ Stored Cross Site Scripting"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WP Duplicate Page",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.3",
                            "version_value": "1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sachin Bahl from eSec Forte Technologies Pvt Ltd"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2093",
    "datePublished": "2022-07-11T12:57:32.000Z",
    "dateReserved": "2022-06-15T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2093 (GCVE-0-2022-2093)

Vulnerability from cvelistv5 – Published: 2022-07-11 12:57 – Updated: 2024-08-03 00:24
VLAI
Title
WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting
Summary
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Severity
No CVSS data available.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
Unknown WP Duplicate Page Affected: 1.3 , < 1.3 (custom)
Create a notification for this product.
Credits
Sachin Bahl from eSec Forte Technologies Pvt Ltd
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WP Duplicate Page",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "1.3",
              "status": "affected",
              "version": "1.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sachin Bahl from eSec Forte Technologies Pvt Ltd"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-11T12:57:32.000Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WP Duplicate Page \u003c 1.3 - Admin+ Stored Cross Site Scripting",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2022-2093",
          "STATE": "PUBLIC",
          "TITLE": "WP Duplicate Page \u003c 1.3 - Admin+ Stored Cross Site Scripting"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WP Duplicate Page",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "1.3",
                            "version_value": "1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sachin Bahl from eSec Forte Technologies Pvt Ltd"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-2093",
    "datePublished": "2022-07-11T12:57:32.000Z",
    "dateReserved": "2022-06-15T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:24:44.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}