CVE-2026-10749 - Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData
CVE ID :CVE-2026-10749
Published : June 24, 2026, 6 a.m. | 1 hour, 41 minutes ago
Description :The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP Object.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 24, 2026, 6 a.m. | 1 hour, 41 minutes ago
Description :The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP Object.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...