cleantalk
Vulnerabilities and Security Researches

WP Quick Post Duplicator, 8c412c0666baee67ae3ee0f0eb18d8d95123aee2

CVE, Research URL

8c412c0666baee67ae3ee0f0eb18d8d95123aee2

Home page URL

Security reports for WP Quick Post Duplicator

Application

WP Quick Post Duplicator

Published on
Jul 25, 2023
Research Description
WP Quick Post Duplicator [wp-quick-post-duplicator] < 2.1 WP Quick Post Duplicator <= 2.0 - Missing Authorization The WP Quick Post Duplicator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apj_duplicate_post_as_a_draft() function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate arbitrary posts that may have protected content.
Affected versions
Min -, max 2.1.
Status
vulnerable
Previous vulnerability researches
WP Quick Post Duplicator (8c412c0666baee67ae3ee0f0eb18d8d95123aee2) , Jun 07, 2024
WP Quick Post Duplicator (CVE-2023-31214) , Jun 10, 2024
New vulnerability
WP Edit (CVE-2025-53253) , Jul 01, 2025
Accept Authorize.NET Payments Using Contact Form 7 (CVE-2025-53322) , Jul 01, 2025
Owl carousel responsive (CVE-2025-5590) , Jul 01, 2025
App Builder &#8211; Create Native Android &amp; iOS Apps On The Flight (CVE-2025-49989) , Jul 01, 2025
Sitekit (CVE-2025-50047) , Jul 01, 2025