CVE-2024-1368

The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and including, 0.1.1. This makes it possible for unauthenticated attackers to duplicate arbitrary posts and pages.

CVSS

No CVSS.

References

Link	Resource
https://plugins.trac.wordpress.org/browser/wp-page-duplicator/trunk/page-duplicator.php#L136	Patch
https://plugins.trac.wordpress.org/browser/wp-page-duplicator/trunk/page-duplicator.php#L136	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc10e91-4810-4a0d-919c-de3e87137f76?source=cve	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc10e91-4810-4a0d-919c-de3e87137f76?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:samuelkwle:page_duplicator:*:*:*:*:*:wordpress:*:*

History

11 Feb 2025, 19:44

Type	Values Removed	Values Added
First Time		Samuelkwle page Duplicator Samuelkwle
References	~~() https://plugins.trac.wordpress.org/browser/wp-page-duplicator/trunk/page-duplicator.php#L136 -~~	() https://plugins.trac.wordpress.org/browser/wp-page-duplicator/trunk/page-duplicator.php#L136 - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc10e91-4810-4a0d-919c-de3e87137f76?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc10e91-4810-4a0d-919c-de3e87137f76?source=cve - Third Party Advisory
CPE		cpe:2.3:a:samuelkwle:page_duplicator::::::wordpress::*
CWE		CWE-862

28 Feb 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-28 09:15

Updated : 2025-02-11 19:44

NVD link : CVE-2024-1368

Mitre link : CVE-2024-1368

JSON object : View

Products Affected

samuelkwle

page_duplicator

CWE

CWE-862

Missing Authorization

JSON object

Attach tags to CVE-2024-1368

Attach tags to `CVE-2024-1368`