CVE-2026-10749
EUVD-2026-3869424.06.2026, 07:16
The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP Object.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.