Design/Logic Flaw

2023-09-0702:15:00

PRIOn knowledge base

www.prio-n.com

design logic flaw

duplicate post page menu

custom post type

wordpress

vulnerable

unauthorized duplication

capability check

authenticated attackers

subscriber access

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.4%

JSON

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.

CPENameOperatorVersion
duplicate_post_page_menu_\\&_custom_post_typele2.3.1

CPE	Name	Operator	Version
	duplicate_post_page_menu_\\&_custom_post_type	le	2.3.1

References

plugins.trac.wordpress.org/browser/duplicate-post-page-menu-custom-post-type/trunk/duplicate-post-page-menu-cpt.php?rev=2871256

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2963515%40duplicate-post-page-menu-custom-post-type&new=2963515%40duplicate-post-page-menu-custom-post-type&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77?source=cve