Description The Delete Duplicate Posts plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on some of its AJAX actions in all versions up to 4.9 (exclusive). This makes it possible for authenticated attackers, with subscriber access or higher, to delete duplicate posts, access plugin logs, and opt in to Freemius data gathering.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 4.9 |