GHSA-57q8-6wvw-p94hHighCVSS 7.2

The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during...

Published
June 24, 2026
Last Modified
June 24, 2026

🔗 CVE IDs covered (1)

📋 Description

The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP Object.

🔗 References (3)