CVE-2025-13404
BaseFortify
Publication date: 2025-11-25
Last updated on: 2025-11-25
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | duplicate_page_post_plugin | 1.2.20 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the atec Duplicate Page & Post plugin for WordPress allows authenticated users with Contributor-level access or higher to duplicate any post without proper authorization checks. This includes the ability to duplicate private and password-protected posts, which should normally be restricted. The issue arises because the duplicate_post() function lacks authorization validation in all versions up to and including 1.2.20.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized duplication of posts, including sensitive content such as private and password-protected posts. As a result, it can cause data exposure by allowing users who should not have access to certain content to create copies of it, potentially leading to information leakage and privacy breaches.
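The missing check described above can be shown as a hardened duplicate handler. This is an added example, not the plugin's own code: the action name `example_duplicate_post`, the nonce name and the function `example_duplicate_post_handler` are hypothetical, while the WordPress core functions it calls are real. It assumes the duplicate action is triggered from a wp-admin link that carries the post ID and a nonce.

```php
<?php
// Added illustration: hypothetical handler, not code from the affected plugin.
add_action( 'admin_action_example_duplicate_post', 'example_duplicate_post_handler' );

function example_duplicate_post_handler() {
    $post_id = isset( $_GET['post'] ) ? absint( $_GET['post'] ) : 0;

    // Request-forgery check: the nonce is bound to this specific post ID.
    check_admin_referer( 'example_duplicate_' . $post_id );

    $source = $post_id ? get_post( $post_id ) : null;
    if ( ! $source ) {
        wp_die( 'Post not found.', '', array( 'response' => 404 ) );
    }

    // Authorization check (CWE-862 is the absence of this step).
    // 'edit_post' is a meta capability: core maps it per post, so a
    // Contributor passes only for their own unpublished posts and fails for
    // other users' posts, including private and password-protected ones.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( 'You are not allowed to duplicate this post.', '', array( 'response' => 403 ) );
    }

    // Create the copy as a draft owned by the requesting user.
    // wp_insert_post() expects slashed input, hence wp_slash().
    $new_id = wp_insert_post(
        array(
            'post_type'     => $source->post_type,
            'post_title'    => wp_slash( $source->post_title ),
            'post_content'  => wp_slash( $source->post_content ),
            'post_excerpt'  => wp_slash( $source->post_excerpt ),
            'post_password' => $source->post_password, // keep the protection on the copy
            'post_status'   => 'draft',
            'post_author'   => get_current_user_id(),
        ),
        true // return a WP_Error on failure instead of 0
    );

    if ( is_wp_error( $new_id ) ) {
        wp_die( esc_html( $new_id->get_error_message() ) );
    }

    wp_safe_redirect( admin_url( 'post.php?action=edit&post=' . $new_id ) );
    exit;
}
```

A nonce alone does not provide authorization: any logged-in user who can obtain a valid nonce passes `check_admin_referer()`, so the per-post capability check is what keeps private and password-protected content from being copied.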