cleantalk
Vulnerabilities and Security Researches

WP Duplicate Page, CVE-2025-12481

CVE, Research URL

CVE-2025-12481

Home page URL

Security reports for WP Duplicate Page

Application

WP Duplicate Page

Published on
Nov 18, 2025
Research Description
The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify plugin settings that control role capabilities, and subsequently exploit the misconfigured capabilities to duplicate and view password-protected posts containing sensitive information.
Affected versions
max 1.8.
Status
vulnerable
Previous vulnerability researches
Master Slider – Responsive Touch Slider (CVE-2024-37222) , Jun 21, 2024
Master Slider – Responsive Touch Slider (CVE-2024-6490) , Jul 28, 2024
Master Slider – Responsive Touch Slider (CVE-2025-39412) , Apr 29, 2025
Master Slider – Responsive Touch Slider (CVE-2025-5291) , Jun 17, 2025
Master Slider – Responsive Touch Slider (CVE-2023-50900) , Jul 22, 2024
New vulnerability
SKT Skill Bar (CVE-2025-66090) , Dec 11, 2025
Trail Manager (CVE-2025-13682) , Dec 11, 2025
Course Booking System (CVE-2025-12042) , Dec 11, 2025
Chamber Dashboard Business Directory (CVE-2025-13414) , Dec 11, 2025
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder (CVE-2025-11560) , Dec 11, 2025