Security for everyone

CVE-2021-25075 Scanner

Detects the 'Cross-Site Request Forgery (CSRF)' vulnerability in the Duplicate Page or Post plugin for WordPress, which affects versions before 1.5.1.


Short Info

Level: Low
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, Ipv4
Toolbox: -

Duplicate Page or Post is a WordPress plugin that allows users to make copies of existing pages or posts on their WordPress site. This plugin is used primarily to save time when it comes to content creation. Instead of starting from scratch every time, website owners can simply duplicate their existing content and make necessary changes to it. 

However, a major vulnerability, CVE-2021-25075, was recently discovered in this plugin, and it significantly affects the plugin's security. The flaw is in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action: any authenticated user can call it and modify the plugin's settings, and the same change can be triggered through CSRF. Because the saved values are not properly escaped, this can result in Stored Cross-Site Scripting (XSS) issues.
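The three controls whose absence the paragraph above describes (a CSRF nonce, a capability check, and escaping), shown on a settings-saving AJAX handler. This is an added illustration, not the plugin's code and not its 1.5.1 patch; the action, nonce, option and field names are hypothetical, and it assumes it is loaded inside a WordPress plugin.

```php
<?php
// Added illustration, not the plugin's code. The action name, nonce name,
// option name and field list below are hypothetical.

add_action('wp_ajax_example_save_settings', 'example_save_settings');

function example_save_settings() {
    // 1. CSRF: require a nonce bound to this action. With the third argument
    //    set to false, check_ajax_referer() returns false instead of dying,
    //    so the handler can answer with an explicit 403.
    if (!check_ajax_referer('example_save_settings', 'nonce', false)) {
        wp_send_json_error(array('message' => 'Invalid nonce'), 403);
    }

    // 2. Authorization: wp_ajax_* hooks fire for every logged-in user,
    //    subscribers included, so the capability must be checked here.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // 3. Input: accept only known keys and sanitize each value before saving.
    $allowed = array('link_title', 'title_suffix'); // hypothetical fields
    $clean   = array();
    foreach ($allowed as $key) {
        if (isset($_POST[$key]) && is_string($_POST[$key])) {
            $clean[$key] = sanitize_text_field(wp_unslash($_POST[$key]));
        }
    }

    update_option('example_plugin_settings', $clean);
    wp_send_json_success();
}

// 4. Output: escape for the HTML context when rendering the stored value,
//    so a value that slipped past sanitization cannot become stored XSS.
function example_render_suffix_field() {
    $settings = get_option('example_plugin_settings', array());
    $suffix   = isset($settings['title_suffix']) ? $settings['title_suffix'] : '';
    printf(
        '<input type="text" name="title_suffix" value="%s" />',
        esc_attr($suffix)
    );
}
```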

This vulnerability can potentially allow a hacker to take over an entire website or hijack an account. The stored XSS vulnerability exposes the website to the risk of user information leakage, site defacements, unauthorized changes to posts and pages, and even server takeovers. Malicious attackers can easily exploit this flaw since it requires no special privileges or knowledge. Once it has been exploited, the damage can be difficult to repair and can lead to financial losses and legal action.

Security for Everyone is a powerful security platform that can help website owners identify vulnerabilities and fix them efficiently without requiring any technical expertise. The platform offers several features and tools that help users scan their websites for vulnerabilities, receive alerts on dangerous issues, and get customized reports to help them take action against threats. By taking advantage of the comprehensive security features available on the Security for Everyone platform, website owners can keep their digital assets safe and secure from potential attacks.
