CVE-2021-24681
MEDIUM NUCLEIDuplicate Page < 4.4.2 - Authenticated Stored Cross-Site Scripting via Duplicate Post Suffix
Title source: llmExploitation Summary
CVE-2021-24681 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Nuclei Templates (1)
Duplicate Page WordPress - Stored Cross-Site Scripting
MEDIUMVERIFIEDby theamanrawat
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/9ebdd1df-1d6f-4399-8b0f-77a79f841464
Scores
CVSS v3
4.8
EPSS
0.0087
EPSS Percentile
54.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
duplicatepro/duplicate_page
< 4.4.2
Published
Oct 11, 2021
Tracked Since
Feb 18, 2026