Vulnerabilities > Wpdevart > Duplicate Page OR Post > Low

DATE CVE VULNERABILITY TITLE RISK
2022-02-21 CVE-2021-25075 Missing Authorization vulnerability in Wpdevart Duplicate Page or Post
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF.
network
wpdevart CWE-862
3.5