CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12481 – WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2025-12481
17 Nov 2025 — The WP Duplicate Page plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action in the 'saveSettings' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify plugin settings that control role capabilities, and subsequently exploit the misconfigured capabilities to duplicate and view password-protected posts conta... • https://plugins.trac.wordpress.org/browser/wp-duplicate-page/tags/1.6/includes/Classes/ButtonDuplicate.php#L137 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2093 – WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-2093
20 Jun 2022 — The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. El plugin WP Duplicate Page de WordPress versiones anteriores a 1.3 no sanea y escapa de algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de Cross-Site Scripting incluso cuando unfiltered_h... • https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •