Duplicated Vulnerabilities in WordPress Plugins
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: duplicating a page or a post.
With a bit of research, we came to the following conclusion: Many of these plugins came from the same source — and contained the same vulnerabilities.
SQL Injections in Vulnerable Plugins
Let’s talk for a moment about the original code sample that this entire scenario stems from: a blog post from Misha Rudrastyh, written back in 2013, detailing how to duplicate posts without the help of a plugin by inserting a bit of code into a theme’s functions.php file.