Vulnerabilities and security researches forduplicate-page duplicate-page

Jun 16, 2026

CVE, Research URL: 7b71ccf24044ee8cc2cb48e21b580dfda394bc1f
Home page URL: Security reports for Duplicate Page
Application: Duplicate Page
Date: Apr 25, 2020
Research Description: Duplicate Page [duplicate-page] < 3.4 Duplicate Page Plugins <= (Various Versions) - SQL Injection The Duplicate Page and Post, WP Post Page Clone and Duplicate Page plugins for WordPress are vulnerable to SQL Injection via the ‘post’ parameter in versions up to, and including, 2.5.6, 1.1, and 3.3 respectively, due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 3.4.
Status: vulnerable

CVE, Research URL: 8faa17db6e4c4c305ccdf3047e6868029ac7b535
Home page URL: Security reports for Duplicate Page
Application: Duplicate Page
Date: Apr 08, 2019
Research Description: Duplicate Page [duplicate-page] < 3.4 WordPress Duplicate Page plugin <= 3.3 - Authenticated SQL Injection (SQLi) vulnerability Authenticated SQL Injection (SQLi) vulnerability found by Marc-Alexandre Montpas in WordPress Duplicate Page plugin (versions <= 3.3).
Affected versions: max 3.4.
Status: vulnerable

CVE, Research URL: d668ff1a-7c38-4d7c-95a0-a64f5e741f2e
Home page URL: Security reports for Duplicate Page
Application: Duplicate Page
Date: -
Research Description: Duplicate Page [duplicate-page] < 3.4 Duplicate Page < 3.4 - Authenticated SQL Injection This vulnerability is exploitable by any users with an account on the vulnerable site (regardless of the privileges they have – e.g., subscribers)
Affected versions: max 3.4.
Status: vulnerable

CVE, Research URL: d4a895e4769fefb1c9cedee221ed3553b4e736dd
Home page URL: Security reports for Duplicate Page
Application: Duplicate Page
Date: Mar 22, 2019
Research Description: Duplicate Page [duplicate-page] < 3.4 Duplicate Page <= 3.3 - SQL Injection The Duplicate Page plugin for WordPress is vulnerable to generic SQL Injection via the ‘post' parameter in versions up to, and including, 3.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for non-privileged attackers (Ex. subscribers) to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 3.4.
Status: vulnerable

Jul 26, 2024

PSC, Research URL: PSC-2024-64519
Home page URL: Security reports for Duplicate Page
Application: Duplicate Page
Date: Aug 05, 2025
Research Description: The “Duplicate Page” plugin, has achieved the Plugin Security Certification (PSC) from CleanTalk. This certification is a testament to the plugin’s robust security framework, designed to ensure safe and efficient duplication of WordPress posts, pages, and custom post types with a single click.
Affected versions: Min 4.5.9, max 4.5.9.
Status: SAFE & CERTIFIED

Jun 07, 2024

CVE, Research URL: CVE-2021-24681
Home page URL: Security reports for Duplicate Page
Application: Duplicate Page
Date: Oct 11, 2021
Research Description: The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions: max 4.4.3.
Status: vulnerable