Skip to main content

Post Duplicator

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-39474 HIGH This Week

PHP Object Injection in the Post Duplicator WordPress plugin versions <= 3.0.10 allows authenticated users with Contributor-level privileges to trigger insecure deserialization, potentially leading to remote code execution, data tampering, or full site compromise. The flaw is rated CVSS 8.8 (High) and was disclosed by Patchstack. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

PHP Deserialization Post Duplicator
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-39474
EPSS 0% CVSS 8.8
HIGH This Week

PHP Object Injection in the Post Duplicator WordPress plugin versions <= 3.0.10 allows authenticated users with Contributor-level privileges to trigger insecure deserialization, potentially leading to remote code execution, data tampering, or full site compromise. The flaw is rated CVSS 8.8 (High) and was disclosed by Patchstack. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

PHP Deserialization Post Duplicator
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy