GCVE - cpe:2.3:a:inisev:duplicate_post:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:inisev:duplicate_post:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Inisev (`f56a1d9c-c546-5c00-839e-72dda3ed8869`)
Product	Duplicate Post (`0add3f35-5a4d-534a-a2b1-da12bf5e46d2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-3977`	vulnerable	2026-06-08 06:09:40.939660	Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function MEDIUM (4.3) Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2023-07-28T04:37:03.018Z Updated: 2026-04-08T17:14:37.640Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=cve https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427 https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424 https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426 https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0958`	vulnerable	2026-06-08 05:52:33.519004	Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function MEDIUM (4.3) Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability. Published: 2023-07-28T04:37:03.650Z Updated: 2026-04-08T17:24:39.864Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=cve https://plugins.trac.wordpress.org/browser/feedburner-alternative-and-rss-redirect/tags/3.7/modules/banner/misc.php#L427 https://plugins.trac.wordpress.org/browser/ultimate-social-media-icons/tags/2.8.0/banner/misc.php#L424 https://plugins.trac.wordpress.org/browser/copy-delete-posts/tags/1.3.8/banner/misc.php#L426 https://plugins.trac.wordpress.org/browser/wp-clone-by-wp-academy/tags/2.3.7/modules/banner/misc.php#L438	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.