cleantalk
Vulnerabilities and Security Researches

Remove Duplicate Posts, 1f5faa66dc6d492718ce5db9c3895b5840416340

CVE, Research URL

1f5faa66dc6d492718ce5db9c3895b5840416340

Home page URL

Security reports for Remove Duplicate Posts

Application

Remove Duplicate Posts

Published on
Jul 24, 2023
Research Description
Remove Duplicate Posts [remove-duplicate-posts] < 1.3 (closed) Remove Duplicate Posts <= 1.3.5 - Missing Authorization to Post Deletion The Remove Duplicate Posts plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rdp_ajax_process() and rdp_get_result() functions in versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete posts and retrieve duplicate post ids.
Affected versions
max 1.3.
Status
vulnerable
Previous vulnerability researches
Remove Duplicate Posts (1f5faa66dc6d492718ce5db9c3895b5840416340) , Jun 07, 2024
Remove Duplicate Posts (CVE-2023-29237) , Jun 10, 2024
New vulnerability
ID Arrays (CVE-2025-68854) , Feb 27, 2026
Razorpay for WooCommerce (CVE-2025-14294) , Feb 27, 2026
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2026-22422) , Feb 27, 2026
WooCommerce Checkout &amp; Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce (CVE-2026-25316) , Feb 27, 2026
Autopost for X (formerly Autoshare for Twitter) (CVE-2026-25311) , Feb 27, 2026