Vulnerabilities and security researches forwp-duplicate-page wp-duplicate-page

Jun 07, 2024

CVE, Research URL: CVE-2022-2093
Home page URL: Security reports for WP Duplicate Page
Application: WP Duplicate Page
Date: Jul 11, 2022
Research Description: The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Affected versions: max 1.3.
Status: vulnerable

Dec 10, 2025

CVE, Research URL: CVE-2025-12481
Home page URL: Security reports for WP Duplicate Page
Application: WP Duplicate Page
Date: Nov 18, 2025
Research Description: The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify plugin settings that control role capabilities, and subsequently exploit the misconfigured capabilities to duplicate and view password-protected posts containing sensitive information.
Affected versions: max 1.8.
Status: vulnerable