Vulnerabilities and security researches forcopy-delete-posts copy-delete-posts

Jun 07, 2024

CVE, Research URL: CVE-2021-43408
Home page URL: Security reports for Duplicate Post
Application: Duplicate Post
Date: Nov 19, 2021
Research Description: The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.
Affected versions: max 1.2.0.
Status: vulnerable

CVE, Research URL: CVE-2023-0958
Home page URL: Security reports for Duplicate Post
Application: Duplicate Post
Date: Jul 28, 2023
Research Description: Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.
Affected versions: max 1.4.0.
Status: vulnerable

CVE, Research URL: CVE-2023-3977
Home page URL: Security reports for Duplicate Post
Application: Duplicate Post
Date: Jul 28, 2023
Research Description: Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.4.2.
Status: vulnerable

CVE, Research URL: CVE-2024-31435
Home page URL: Security reports for Duplicate Post
Application: Duplicate Post
Date: -
Research Description: Duplicate Post [copy-delete-posts] < 1.4.5 CVE-2024-31435
Affected versions: max 1.4.5.
Status: vulnerable

Mar 20, 2025

CVE, Research URL: CVE-2023-38514
Home page URL: Security reports for Duplicate Post
Application: Duplicate Post
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.5.7.
Affected versions: max 1.4.0.
Status: vulnerable

Jun 12, 2026

CVE, Research URL: CVE-2026-53738
Home page URL: Security reports for Duplicate Post
Application: Duplicate Post
Date: Jun 11, 2026
Research Description: Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.
Affected versions: max 1.5.4.
Status: vulnerable