https://www.pluginvulnerabilities.com/2017/10/20/authenticated-information-disclosure-vulnerability-in-duplicate-page/

We recently went to a take a look at the details of a reflected cross-site scripting (XSS) vulnerability that had been disclosed in the plugin Duplicate Page we noticed that it also had a cross-site request forgery (CSRF) vulnerability. After that we remember that a similar plugin Duplicate Post had previously had a vulnerability that allowed lower level users to get

Share This