CVE-2019-25314

MEDIUM

Yoast Duplicate-Post WP <3.2.3 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25314. PoCs published by Unk9vvN.

AI-analyzed exploit summary This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in the Duplicate-Post WordPress plugin version 3.2.3. The payload is injected into plugin settings fields, which are then stored and executed when accessed.

Description

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.

Exploits (1)

exploitdb WORKING POC
by Unk9vvN · textwebappsphp
https://www.exploit-db.com/exploits/47424

This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in the Duplicate-Post WordPress plugin version 3.2.3. The payload is injected into plugin settings fields, which are then stored and executed when accessed.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Duplicate-Post WordPress plugin 3.2.3
Auth required
Prerequisites: Access to WordPress admin panel · Duplicate-Post plugin installed and activated
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 5.5
EPSS 0.0021
EPSS Percentile 10.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

Status published
Products (1)
Yoast/Duplicate-Post 0.3 - 3.2.3
Published Feb 11, 2026
Tracked Since Feb 18, 2026