CVE-2019-25314

MEDIUM

Yoast Duplicate-Post WP <3.2.3 - XSS

Title source: llm

Description

Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.

Exploits (1)

exploitdb WORKING POC

by Unk9vvN · textwebappsphp

https://www.exploit-db.com/exploits/47424

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47424

[Various Sources] https://duplicate-post.lopo.it/

[Product] https://wordpress.org/plugins/duplicate-post/

[Third Party Advisory] https://www.vulncheck.com/advisories/duplicate-post-persistent-cross-site-scripting

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/duplicate-post/yoast-duplicate-post-323-authenticated-admin-stored-cross-site-scripting

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

Status published

Products (1)

Yoast/Duplicate-Post 0.3 - 3.2.3

Published Feb 11, 2026

Tracked Since Feb 18, 2026