Platform: wordpress
Component: duplicate-content-cure
Fixed in: 1.0.1
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Duplicate Content Cure WordPress plugin, impacting versions from 0.0.0 through 1.0. This flaw allows an attacker to trick authenticated users into performing actions they did not intend, potentially leading to unauthorized modifications of website content or settings. The vulnerability was publicly disclosed on December 9, 2025, and a fix is available in a later version of the plugin.
The CSRF vulnerability allows an attacker to craft malicious requests that appear to originate from a legitimate user of the Duplicate Content Cure plugin. If a user clicks a crafted link or visits a malicious website, the attacker can execute actions as that user, such as modifying duplicate content settings, deleting content, or potentially gaining access to sensitive data. The blast radius is limited to the scope of actions available within the plugin itself, but unauthorized changes to website content can significantly impact SEO and user experience. Successful exploitation requires the user to be authenticated within the WordPress site and interact with the malicious request.
This vulnerability is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a low to medium probability of active exploitation. The vulnerability was disclosed in December 2025, giving attackers time to develop and deploy exploits. Monitor WordPress security forums and vulnerability databases for any signs of active exploitation.
Websites using the Duplicate Content Cure plugin, particularly those with shared hosting environments or legacy WordPress configurations, are at increased risk. Users who frequently interact with the plugin's content duplication features are also more vulnerable to exploitation.
• wordpress / composer / npm:
    grep -r 'Duplicate Content Cure' /var/www/html/wp-content/plugins/
    wp plugin list | grep 'Duplicate Content Cure'
• generic web:
    curl -I 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=duplicate_content_cure_action&param=some_value' | grep -i 'csrf_token'
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the Duplicate Content Cure plugin to a version that addresses this vulnerability. If upgrading immediately is not feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious CSRF tokens. WordPress’s core CSRF protection mechanisms can offer some limited protection, but relying solely on this is not recommended. Carefully review any plugin settings related to content duplication and ensure they are configured securely. After upgrading, verify the fix by attempting to trigger a CSRF request using a known exploit technique and confirming that it is blocked.
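The "core CSRF protection mechanisms" mentioned above are WordPress nonces, which a plugin has to opt into for each state-changing request. The following is an added illustration written for this page, not code from the Duplicate Content Cure plugin or its author: a generic settings handler in the unprotected shape that makes CSRF possible, next to the same handler hardened with a nonce bound to one action plus a capability check. All action, option, field and function names (`dcc_demo_*`) are hypothetical.

```php
<?php
/*
 * Added illustration (not code from the Duplicate Content Cure plugin): a generic
 * WordPress admin form handler shown first without CSRF protection, then hardened
 * with a nonce plus a capability check. Action, option and field names are
 * hypothetical.
 */

// --- Vulnerable pattern: the handler trusts any POST that reaches admin-post.php.
// A logged-in administrator who loads a third-party page can have this form submitted
// on their behalf, and the handler cannot distinguish that from a genuine submission.
function dcc_demo_save_settings_unprotected() {
    if ( ! isset( $_POST['dcc_demo_mode'] ) ) {
        wp_die( 'Missing field' );
    }
    update_option( 'dcc_demo_mode', sanitize_text_field( wp_unslash( $_POST['dcc_demo_mode'] ) ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=dcc-demo&saved=1' ) );
    exit;
}

// --- Hardened form: render the settings form with a nonce field tied to one action.
function dcc_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'dcc_demo_save_settings', 'dcc_demo_nonce' ); ?>
        <input type="hidden" name="action" value="dcc_demo_save_settings">
        <label>Mode
            <select name="dcc_demo_mode">
                <option value="canonical">canonical</option>
                <option value="noindex">noindex</option>
            </select>
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// --- Hardened handler: verify the nonce for that exact action, then confirm the
// caller holds the capability the action requires. check_admin_referer() stops the
// request with wp_die() if the nonce is missing, expired, or bound to a different
// action or user, so the code below it only runs for genuine form submissions.
function dcc_demo_save_settings_protected() {
    check_admin_referer( 'dcc_demo_save_settings', 'dcc_demo_nonce' );

    // A nonce proves the request came from a form WordPress rendered for this user;
    // it is not an authorization check, so the capability test is still required.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    $allowed = array( 'canonical', 'noindex' );
    $mode    = isset( $_POST['dcc_demo_mode'] ) ? sanitize_text_field( wp_unslash( $_POST['dcc_demo_mode'] ) ) : '';
    if ( ! in_array( $mode, $allowed, true ) ) {
        wp_die( 'Invalid mode', '', array( 'response' => 400 ) );
    }

    update_option( 'dcc_demo_mode', $mode );
    wp_safe_redirect( admin_url( 'options-general.php?page=dcc-demo&saved=1' ) );
    exit;
}

// Only the protected handler is registered; admin_post_{action} fires for logged-in users.
add_action( 'admin_post_dcc_demo_save_settings', 'dcc_demo_save_settings_protected' );
```

The same two checks apply to `admin-ajax.php` handlers, where `check_ajax_referer()` replaces `check_admin_referer()`. When reviewing a plugin after an advisory like this one, the thing to look for is any `admin_post_*`, `wp_ajax_*` or REST callback that changes state without one of these nonce verifications and a `current_user_can()` test ahead of it.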
No known fix is available. Please review the vulnerability details thoroughly and implement mitigations according to your organization's risk tolerance. It may be preferable to uninstall the affected software and find a replacement.
CVE-2025-59132 is a Cross-Site Request Forgery vulnerability affecting versions 0.0.0–1.0 of the Duplicate Content Cure WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if your WordPress site uses the Duplicate Content Cure plugin in versions 0.0.0 through 1.0. Upgrade to a patched version to resolve the vulnerability.
Upgrade the Duplicate Content Cure plugin to a version that includes the fix. If immediate upgrade is not possible, implement a WAF rule to mitigate the risk.
While no widespread exploitation has been confirmed, the vulnerability was disclosed recently, and exploitation is possible. Monitor security advisories for updates.
Check the Badi Jones website and WordPress plugin repository for the official advisory and updated plugin version.