CVE-2016-15027 LOW

CVE-2016-15027: meta4creations Post Duplicator Plugin notices.php mtphr_post_duplicator_notice cross site scripting

Vendor Meta4Creations
Product Post Duplicator Plugin
Weakness CWE-79 · XSS
Published February 20, 2023
Last update August 6, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496.

Key dates

02Disclosure timeline

February 20, 2023 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-5530 WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-6417 GLS Shipping for WooCommerce <= 1.4.0 - Reflected Cross-Site Scripting via 'failed_orders' CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability CVE-2026-24584 WordPress Tutor LMS BunnyNet Integration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-60131 WordPress Werk aan de Muur Plugin <= 1.5 - Cross Site Scripting (XSS) Vulnerability