cleantalk

Vulnerabilities and Security Researches

Security report for CVE Post Duplicator > CVE-2024-12472

CVE, Research URL

CVE-2024-12472

Home page URL

Security reports for Post Duplicator

Application

Post Duplicator

Published on
Jan 11, 2025
Research Description
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post.
Affected versions
Min -, max 2.37.
Status
vulnerable
Previous vulnerability researches
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
WP Quick Post Duplicator (8c412c0666baee67ae3ee0f0eb18d8d95123aee2) , Jun 07, 2024
WP Quick Post Duplicator (CVE-2023-31214) , Jun 10, 2024
Post Duplicator , Dec 17, 2024
Post Duplicator (CVE-2025-24736) , Jan 25, 2025
New vulnerability
Bulk Categories Assign (CVE-2025-23582) , Feb 05, 2025
Songkick Concerts and Festivals (CVE-2025-25146) , Feb 05, 2025
Auto SEO (CVE-2025-25147) , Feb 05, 2025
Smart DoFollow (CVE-2025-25152) , Feb 05, 2025
WP Mailster (CVE-2025-24559) , Feb 05, 2025