The duplicate-post plugin before 2.6 for WordPress has SQL injection.Referenceshttps://wordpress.org/plugins/duplicate-post/#developers
