VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 5 known issues Latest disclosed Mar 17, 2026

Yoast Duplicate Post Vulnerabilities

Review known vulnerability records for the WordPress plugin Yoast Duplicate Post (`duplicate-post`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
5
High or Critical
1
Linked CVEs
5
Last Updated
Mar 17, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Yoast Duplicate Post so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
5 records include a published patch path.
Severity Mix
1 critical and 0 high severity findings.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for Yoast Duplicate Post

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-1217
Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clone_bulk_action_handler() and republish_request() functions in all versions up to, and including, 4.5. This makes it possible for authentica...

Published
Mar 17, 2026
Patched Release
4.6
Affected Versions
Versions up to 4.5
Next Step
Update to 4.6 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2019-25314
Duplicate Post <= 3.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Duplicate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above,...

Published
Feb 11, 2026
Patched Release
3.2.4
Affected Versions
Versions up to 3.2.3
Next Step
Update to 3.2.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2019-25314
Yoast Duplicate Post <= 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting

The Yoast Duplicate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.3. This makes it possible for high-level authenticated users, such as administrators, to inject arbitrary web scripts into administrative pages via sev...

Published
Sep 26, 2019
Patched Release
3.2.4
Affected Versions
Versions before 3.2.4
Next Step
Update to 3.2.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2014-10378
Yoast Duplicate Post <= 2.6 - Cross-Site Scripting

The Yoast Duplicate Post plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's br...

Published
Aug 01, 2014
Patched Release
3.0
Affected Versions
Versions up to 2.6
Next Step
Update to 3.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2014-10379
Yoast Duplicate Post <= 2.5 - SQL Injection

The duplicate-post plugin before 2.6 for WordPress has SQL injection.

Published
Aug 01, 2014
Patched Release
2.6
Affected Versions
Versions up to 2.5
Next Step
Update to 2.6 or newer if supported.
Open Full Report Open CVE Reference