WordPress Duplicate Page and Post plugin

8.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection.

This issue affects Duplicate Page and Post: from n/a through 2.9.5.

AI Analysis

SQL Injection vulnerability in Duplicate Page and Post plugin

Basic Information

ID CVE-2026-49046

Source Patchstack

Published May 27, 2026 at 14:49

Affected Product

Vendor Arjun Thakur

Product Duplicate Page and Post

Version n/a

Affected Versions Arjun Thakur Duplicate Page and Post n/a

CWE Classification

CWE-89

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Arjun Thakur

Product Duplicate Page and Post

Version 2.9.5

References

patchstack.com /database/wordpress/plugin/duplicate-wp-page-post/vulnerability/wordpress-duplicate-page-and-post-plugin-2-9-5-sql-injection-vulnerability

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection.\n\nThis issue affects Duplicate Page and Post: from n/a through 2.9.5.",
    "published": "2026-05-27T14:49:37.761Z",
    "modified": "2026-05-27T14:49:37.761Z",
    "type": "cve",
    "title": "WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/duplicate-wp-page-post/vulnerability/wordpress-duplicate-page-and-post-plugin-2-9-5-sql-injection-vulnerability?_s_id=cve",
    "id": "CVE-2026-49046",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Arjun Thakur Duplicate Page and Post n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Duplicate Page and Post",
    "version": "n/a",
    "vendor": "Arjun Thakur",
    "ai_description": "SQL Injection vulnerability in Duplicate Page and Post plugin",
    "ai_severity": "High",
    "ai_vendor": "Arjun Thakur",
    "ai_product": "Duplicate Page and Post",
    "ai_version": "2.9.5",
    "ai_score": 8.5
}

WordPress Duplicate Page and Post plugin <= 2.9.5 - SQL Injection vulnerability_CVE-2026-49046