Vulnerabilities and security researches forremove-duplicate-posts remove-duplicate-posts

Jun 10, 2024

CVE, Research URL: CVE-2023-29237
Home page URL: Security reports for Remove Duplicate Posts
Application: Remove Duplicate Posts
Date: -
Research Description: The Remove Duplicate Posts plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rdp_ajax_process() and rdp_get_result() functions in versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete posts and retrieve duplicate post ids.
Affected versions: max 1.3.5.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 1f5faa66dc6d492718ce5db9c3895b5840416340
Home page URL: Security reports for Remove Duplicate Posts
Application: Remove Duplicate Posts
Date: Jul 24, 2023
Research Description: Remove Duplicate Posts [remove-duplicate-posts] < 1.3 (closed) Remove Duplicate Posts <= 1.3.5 - Missing Authorization to Post Deletion The Remove Duplicate Posts plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rdp_ajax_process() and rdp_get_result() functions in versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete posts and retrieve duplicate post ids.
Affected versions: max 1.3.
Status: vulnerable